Total
276708 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-10408 | 1 Qualcomm | 10 9206 Lte Modem, 9206 Lte Modem Firmware, Apq8037 and 7 more | 2025-01-09 | 7.8 High |
QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory. | ||||
CVE-2017-18306 | 1 Qualcomm | 14 Sd 450, Sd 450 Firmware, Sd 625 and 11 more | 2025-01-09 | 8.4 High |
Information disclosure due to uninitialized variable. | ||||
CVE-2024-56114 | | | 2025-01-09 | N/A |
Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from their account. | ||||
CVE-2024-55494 | | | 2025-01-09 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the op_func parameter at /occontrolpanel/index.php. | ||||
CVE-2024-54887 | | | 2025-01-09 | N/A |
TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user. | ||||
CVE-2024-54724 | | | 2025-01-09 | N/A |
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion. | ||||
CVE-2024-46505 | | | 2025-01-09 | N/A |
Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. | ||||
CVE-2024-44083 | 1 Hex-rays | 1 Ida Pro | 2025-01-09 | 7.5 High |
ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue. | ||||
CVE-2024-40530 | 1 Uab Lexita | 1 Panteracrm Cms | 2025-01-09 | N/A |
A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header. | ||||
CVE-2024-13275 | | | 2025-01-09 | N/A |
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS. This issue affects Security Kit: from 0.0.0 before 2.0.3. | ||||
CVE-2024-13274 | | | 2025-01-09 | N/A |
Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse. This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5. | ||||
CVE-2024-13272 | | | 2025-01-09 | N/A |
Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing. This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2. | ||||
CVE-2024-13271 | | | 2025-01-09 | N/A |
Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing. This issue affects Content Entity Clone: from 0.0.0 before 1.0.4. | ||||
CVE-2024-13270 | | | 2025-01-09 | N/A |
Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing. This issue affects Freelinking: from 0.0.0 before 4.0.1. | ||||
CVE-2024-13269 | | | 2025-01-09 | N/A |
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing. This issue affects Advanced Varnish: from 0.0.0 before 4.0.11. | ||||
CVE-2024-13268 | | | 2025-01-09 | N/A |
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion. This issue affects Opigno: from 7.X-1.0 before 7.X-1.23. | ||||
CVE-2024-13267 | | | 2025-01-09 | N/A |
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion. This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3. | ||||
CVE-2024-13266 | | | 2025-01-09 | N/A |
Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing. This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4. | ||||
CVE-2024-13265 | | | 2025-01-09 | N/A |
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion. This issue affects Opigno Learning path: from 0.0.0 before 3.1.2. | ||||
CVE-2024-10215 | | | 2025-01-09 | 9.8 Critical |
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. |