Total 279040 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-8280 1 Lenovo 139 Thinkagile Hx1021 Edge Certified Node 3yr Firmware, Thinkagile Hx1320 Firmware, Thinkagile Hx1321 Firmware and 136 more 2024-09-14 7.2 High
An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service using a specially crafted file.
CVE-2024-8278 1 Lenovo 139 Thinkagile Hx1021 Edge Certified Node 3yr Firmware, Thinkagile Hx1320 Firmware, Thinkagile Hx1321 Firmware and 136 more 2024-09-14 7.2 High
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands.
CVE-2024-8279 1 Lenovo 139 Thinkagile Hx1021 Edge Certified Node 3yr Firmware, Thinkagile Hx1320 Firmware, Thinkagile Hx1321 Firmware and 136 more 2024-09-14 7.2 High
A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads.
CVE-2024-7928 1 Fastadmin 1 Fastadmin 2024-09-13 4.3 Medium
A vulnerability, which was classified as problematic, has been found in FastAdmin up to 1.3.3.20220121. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipulation of the argument lang leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.4.20220530 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2024-43931 1 Eyecix 1 Jobsearch Wp Job Board 2024-09-13 9.8 Critical
Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3.
CVE-2024-40430 2024-09-13 N/A
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2023-34974 1 Qnap 2 Qts, Quts Hero 2024-09-13 8.8 High
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2626 build 20231225 and later
CVE-2024-42037 1 Huawei 2 Emui, Harmonyos 2024-09-13 9.3 Critical
Vulnerability of uncaught exceptions in the Graphics module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-32762 1 Qnap 1 Qulog Center 2024-09-13 8.2 High
A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuLog Center 1.8.0.872 ( 2024/06/17 ) and later QuLog Center 1.7.0.827 ( 2024/06/17 ) and later
CVE-2024-42036 1 Huawei 2 Emui, Harmonyos 2024-09-13 2.5 Low
Access permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-43132 2 Wpweb Elite, Wpwebelite 2 Docket, Docket 2024-09-13 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPWeb Elite Docket (WooCommerce Collections / Wishlist / Watchlist) allows SQL Injection.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0.
CVE-2024-27125 1 Qnap 1 Helpdesk 2024-09-13 3.5 Low
A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following version: Helpdesk 3.3.1 and later
CVE-2024-39658 1 Salonbookingsystem 1 Salon Booking System 2024-09-13 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Salon Booking System Salon booking system allows SQL Injection.This issue affects Salon booking system: from n/a through 10.7.
CVE-2024-39653 1 E4jconnect 1 Vikrentcar 2024-09-13 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in E4J s.R.L. VikRentCar allows SQL Injection.This issue affects VikRentCar: from n/a through 1.4.0.
CVE-2024-39638 1 Roundupwp 1 Registrations For The Events Calendar 2024-09-13 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection.This issue affects Registrations for the Events Calendar: from n/a through 2.12.2.
CVE-2024-38793 1 Pricelisto 1 Great Restaurant Menu Wp 2024-09-13 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PriceListo Best Restaurant Menu by PriceListo allows SQL Injection.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.1.
CVE-2024-45429 1 Wpengine 1 Advanced Custom Fields 2024-09-13 6.1 Medium
Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the script may be executed on the web browser of the logged-in user with the same privilege as the attacker's.
CVE-2024-38486 1 Dell 1 Smartfabric Os10 2024-09-13 7.5 High
Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
CVE-2024-38693 1 Wedevs 1 Wp User Frontend 2024-09-13 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a through 4.0.7.
CVE-2024-1744 2 Accordors, Ariva Computer 2 Accord Ors, Accord Ors 2024-09-13 7.5 High
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data.This issue affects Accord ORS: before 7.3.2.1.