Total: 277606 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-29064 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-09 | 6.2 Medium |
Windows Hyper-V Denial of Service Vulnerability | ||||
CVE-2024-29063 | 1 Microsoft | 1 Azure Ai Search | 2025-01-09 | 7.3 High |
Azure AI Search Information Disclosure Vulnerability | ||||
CVE-2024-7387 | 1 Redhat | 1 Openshift | 2025-01-09 | 9.1 Critical |
A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container. | ||||
CVE-2024-6508 | 1 Redhat | 1 Openshift | 2025-01-09 | 8 High |
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions. | ||||
CVE-2024-45496 | 1 Redhat | 1 Openshift | 2025-01-09 | 9.9 Critical |
A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container. | ||||
CVE-2024-11096 | 1 Code-projects | 1 Task Manager | 2025-01-09 | 6.3 Medium |
A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. This affects an unknown part of the file /newProject.php. The manipulation of the argument projectName leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-11077 | 2 Anisha, Code-projects | 2 Job Recruitment, Job Recruitment | 2025-01-09 | 7.3 High |
A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument email leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-11076 | 1 Anisha | 1 Job Recruitment | 2025-01-09 | 6.3 Medium |
A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /activation.php. The manipulation of the argument e_hash leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-13093 | | | 2025-01-09 | 6.3 Medium |
A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /_parse/_call_main_search_ajax.php of the component Seeker Profile Handler. The manipulation of the argument s1 leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2022-45052 | 3 Axiell, Linux, Microsoft | 3 Iguana, Linux Kernel, Windows | 2025-01-09 | 8.8 High |
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server. | ||||
CVE-2022-41217 | 1 Hybridsoftware | 1 Cloudflow | 2025-01-09 | 9.8 Critical |
Cloudflow contains an unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage. | ||||
CVE-2022-2421 | 1 Socket | 1 Socket.io-parser | 2025-01-09 | 10 Critical |
Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the _placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object. | ||||
CVE-2024-27114 | 2 So Planning, Soplanning | 2 Simple Online Planning, Soplanning | 2025-01-09 | 9.8 Critical |
An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02. | ||||
CVE-2024-21875 | 1 Badge.team | 1 Hacker Hotel Badge 2024 | 2025-01-09 | 6.5 Medium |
Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack. Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding. This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3. | ||||
CVE-2021-4406 | 1 Osnexus | 1 Quantastor | 2025-01-09 | 9.1 Critical |
An administrator is able to execute commands as root via the alerts management dialog. | ||||
CVE-2021-42079 | 1 Osnexus | 1 Quantastor | 2025-01-09 | 6.2 Medium |
An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests. | ||||
CVE-2021-42080 | 1 Osnexus | 1 Quantastor | 2025-01-09 | 7.4 High |
An attacker is able to launch a Reflected XSS attack using a crafted URL. | ||||
CVE-2021-42082 | 1 Osnexus | 1 Quantastor | 2025-01-09 | 7.8 High |
Local users are able to execute scripts under root privileges. | ||||
CVE-2021-42081 | 1 Osnexus | 1 Quantastor | 2025-01-09 | 9.1 Critical |
An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API. | ||||
CVE-2022-24387 | 1 Smartertools | 1 Smartertrack | 2025-01-09 | 9.1 Critical |
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010. | ||||