Total
276814 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-13277 | | | 2025-01-10 | 9.1 Critical |
Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing. This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1. | ||||
CVE-2024-13276 | | | 2025-01-10 | 7.5 High |
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing. This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39. | ||||
CVE-2024-13264 | | | 2025-01-10 | 9.8 Critical |
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion. This issue affects Opigno module: from 0.0.0 before 3.1.2. | ||||
CVE-2024-13260 | | | 2025-01-10 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery. This issue affects Migrate queue importer: from 0.0.0 before 2.1.1. | ||||
CVE-2024-13259 | | | 2025-01-10 | 7.5 High |
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing. This issue affects Image Sizes: from 0.0.0 before 3.0.2. | ||||
CVE-2024-13258 | | | 2025-01-10 | 9.8 Critical |
Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing. This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13. | ||||
CVE-2024-13257 | | | 2025-01-10 | 5.3 Medium |
Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing. This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3. | ||||
CVE-2024-13256 | | | 2025-01-10 | 7.5 High |
Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing. This issue affects Email Contact: from 0.0.0 before 2.0.4. | ||||
CVE-2024-13255 | | | 2025-01-10 | 7.5 High |
Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing. This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10. | ||||
CVE-2024-13254 | | | 2025-01-10 | 7.5 High |
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing. This issue affects REST Views: from 0.0.0 before 3.0.1. | ||||
CVE-2024-13253 | | | 2025-01-10 | 9.1 Critical |
Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing. This issue affects Advanced PWA inc Push Notifications: from 0.0.0 before 1.5.0. | ||||
CVE-2024-13251 | | | 2025-01-10 | 8.8 High |
Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation. This issue affects Registration role: from 0.0.0 before 2.0.1. | ||||
CVE-2024-13250 | | | 2025-01-10 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6. | ||||
CVE-2024-13244 | | | 2025-01-10 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery. This issue affects Migrate Tools: from 0.0.0 before 6.0.3. | ||||
CVE-2024-13243 | | | 2025-01-10 | 6.5 Medium |
Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing. This issue affects Entity Delete Log: from 0.0.0 before 1.1.1. | ||||
CVE-2023-31548 | 1 Churchcrm | 1 Churchcrm | 2025-01-10 | 5.4 Medium |
A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
CVE-2023-30285 | 1 Deviniti | 1 Issue Sync | 2025-01-10 | 7.5 High |
An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser. | ||||
CVE-2023-2111 | 1 Groundhogg | 1 Hollerbox | 2025-01-10 | 4.9 Medium |
The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site's database. | ||||
CVE-2023-23562 | 1 Stormshield | 1 Endpoint Security | 2025-01-10 | 4.3 Medium |
Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user to update global parameters. | ||||
CVE-2021-45039 | 1 Uniview | 1 Camera Firmware | 2025-01-10 | 9.8 Critical |
Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to overflow an internal buffer and achieve code execution. By using this buffer overflow, a remote attacker can start the telnetd service. This service has a hardcoded default username and password (root/123456). Although it has a restrictive shell, this can be easily bypassed via the built-in ECHO shell command. |