Total
277662 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33051 | 1 Qualcomm | 637 315 5g Iot, 315 5g Iot Firmware, 315 5g Iot Modem Firmware and 634 more | 2024-09-04 | 7.5 High |
| Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. | ||||
| CVE-2024-28044 | 1 Openatom | 1 Openharmony | 2024-09-04 | 3.3 Low |
| in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow. | ||||
| CVE-2024-8327 | 2 Easy Test Online Learning And Testing Platform Project, Hwa Jiuh Digital Technology | 2 Easy Test Online Learning And Testing Platform, Easy Test Online Learning And Testing Platform | 2024-09-04 | 8.8 High |
| Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2024-8328 | 1 Easy Test Online Learning And Testing Platform Project | 1 Easy Test Online Learning And Testing Platform | 2024-09-04 | 5.4 Medium |
| Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks. | ||||
| CVE-2024-38382 | 1 Openatom | 1 Openharmony | 2024-09-04 | 5.5 Medium |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | ||||
| CVE-2024-33050 | 1 Qualcomm | 541 Ar8035, Ar8035 Firmware, Ar9380 and 538 more | 2024-09-04 | 7.5 High |
| Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper. | ||||
| CVE-2024-33057 | 1 Qualcomm | 356 Ar8035, Ar8035 Firmware, Csr8811 and 353 more | 2024-09-04 | 7.5 High |
| Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location. | ||||
| CVE-2024-41162 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 4.1 Medium |
| Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only. | ||||
| CVE-2024-38386 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2024-09-04 | 8.4 High |
| in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. | ||||
| CVE-2024-41926 | 1 Mattermost | 1 Mattermost Server | 2024-09-04 | 2.7 Low |
| Mattermost versions 9.9.x <= 9.9.0 and 9.5.x <= 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote. | ||||
| CVE-2024-45509 | 1 Misp | 1 Misp | 2024-09-04 | 9.8 Critical |
| In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin. | ||||
| CVE-2024-45508 | 2 Htmldoc, Htmldoc Project | 2 Htmldoc, Htmldoc | 2024-09-04 | 9.8 Critical |
| HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. | ||||
| CVE-2024-8348 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2024-09-04 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8347 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2024-09-04 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Computer Laboratory Management System 1.0. Affected by this vulnerability is the function delete_record of the file /classes/Master.php?f=delete_record. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-44684 | 1 Tpmecms | 1 Tpmecms | 2024-09-04 | 6.1 Medium |
| TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields. | ||||
| CVE-2024-44683 | 1 Seacms | 1 Seacms | 2024-09-04 | 6.1 Medium |
| Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php. | ||||
| CVE-2024-39612 | 1 Openatom | 1 Openharmony | 2024-09-04 | 5.5 Medium |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | ||||
| CVE-2024-44682 | 1 Shopxo | 1 Shopxo | 2024-09-04 | 6.1 Medium |
| ShopXO 6.2 is vulnerable to Cross Site Scripting (XSS) in the backend that allows attackers to execute code by changing POST parameters. | ||||
| CVE-2024-8346 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2024-09-04 | 6.3 Medium |
| A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. Affected is the function update_settings_info of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8345 | 2 Music Gallery Site Project, Oretnom23 | 2 Music Gallery Site, Music Gallery Site | 2024-09-04 | 6.3 Medium |
| A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||