Total
276814 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39924 | 1 Vaultwarden | 1 Vaultwarden | 2025-01-09 | N/A |
| An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period. | ||||
| CVE-2024-37392 | 1 Smseagle | 1 Smseagle | 2025-01-09 | 6.1 Medium |
| A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SMS message, which gets executed when the SMS is viewed and specially interacted in web-GUI. | ||||
| CVE-2024-35314 | 1 Mitel | 2 Micollab, Mivoice Business Solutions Virtual Instance | 2025-01-09 | N/A |
| A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts. | ||||
| CVE-2024-10525 | 1 Eclipse Foundation | 1 Mosquitto | 2025-01-09 | 7.6 High |
| In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients. | ||||
| CVE-2024-10466 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2025-01-09 | 7.5 High |
| By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | ||||
| CVE-2023-48082 | 1 Nagios | 1 Xi | 2025-01-09 | N/A |
| Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate. | ||||
| CVE-2023-33778 | 1 Draytek | 143 Myvigor, Vigor1000b, Vigor1000b Firmware and 140 more | 2025-01-09 | 9.8 Critical |
| Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website. | ||||
| CVE-2023-33764 | 1 Simpleredak | 1 Simpleredak | 2025-01-09 | 5.4 Medium |
| eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component #/de/casting/show/detail/<ID>. | ||||
| CVE-2023-33719 | 1 Mp4v2 | 1 Mp4v2 | 2025-01-09 | 5.5 Medium |
| mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp | ||||
| CVE-2023-33716 | 1 Mp4v2 | 1 Mp4v2 | 2025-01-09 | 5.5 Medium |
| mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4StringProperty at mp4property.cpp. | ||||
| CVE-2023-30758 | 1 Pleasanter | 1 Pleasanter | 2025-01-09 | 5.4 Medium |
| Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | ||||
| CVE-2023-2977 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2025-01-09 | 7.1 High |
| A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible. | ||||
| CVE-2023-29748 | 1 Story Saver For Instagram - Video Downloader Project | 1 Story Saver For Instagram - Video Downloader | 2025-01-09 | 7.5 High |
| Story Saver for Instragram - Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service. | ||||
| CVE-2023-29736 | 1 Timmystudios | 1 Keyboard Themes | 2025-01-09 | 9.8 Critical |
| Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution. | ||||
| CVE-2023-29723 | 1 Glitter Unicorn Wallpaper Project | 1 Glitter Unicorn Wallpaper | 2025-01-09 | 7.5 High |
| The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack. | ||||
| CVE-2023-29722 | 1 Glitter Unicorn Wallpaper Project | 1 Glitter Unicorn Wallpaper | 2025-01-09 | 9.1 Critical |
| The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack. | ||||
| CVE-2023-23913 | 2025-01-09 | 6.3 Medium | ||
| There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute. | ||||
| CVE-2022-37056 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-01-09 | 9.8 Critical |
| D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main, | ||||
| CVE-2019-10891 | 1 Dlink | 2 Dir-806, Dir-806 Firmware | 2025-01-09 | 9.8 Critical |
| An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header. | ||||
| CVE-2024-32036 | 1 Sixlabors | 1 Imagesharp | 2025-01-09 | 5.3 Medium |
| ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8. | ||||