Total 263518 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-20483 1 Cisco 1 Ios Xr 2024-09-20 7.2 High
Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager or direct access to the PON Manager MongoDB instance to perform command injection attacks on the PON Controller container and execute arbitrary commands as root. These vulnerabilities are due to insufficient validation of arguments that are passed to specific configuration commands. An attacker could exploit these vulnerabilities by including crafted input as the argument of an affected configuration command. A successful exploit could allow the attacker to execute arbitrary commands as root on the PON controller.
CVE-2014-0502 8 Adobe, Apple, Google and 5 more 15 Adobe Air, Adobe Air Sdk, Flash Player and 12 more 2024-09-20 8.8 High
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.
CVE-2013-0648 7 Adobe, Apple, Linux and 4 more 12 Flash Player, Mac Os X, Linux Kernel and 9 more 2024-09-20 8.8 High
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVE-2013-0643 7 Adobe, Apple, Linux and 4 more 12 Flash Player, Mac Os X, Linux Kernel and 9 more 2024-09-20 8.8 High
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVE-2023-26323 1 Mi 1 App Market 2024-09-20 7.6 High
A code execution vulnerability exists in the Xiaomi App market product. The vulnerability is caused by unsafe configuration and can be exploited by attackers to execute arbitrary code.
CVE-2024-25699 2024-09-20 8.5 High
There is a difficult to exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 10.8.1 through 11.2 on Windows and Linux, and ArcGIS Enterprise 11.1 and below on Kubernetes which, under unique circumstances, could potentially allow a remote, unauthenticated attacker to compromise the confidentiality, integrity, and availability of the software.
CVE-2024-9011 2024-09-20 6.3 Medium
A vulnerability, which was classified as critical, was found in code-projects Crud Operation System 1.0. Affected is an unknown function of the file updata.php. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-8963 1 Ivanti 1 Endpoint Manager Cloud Services Appliance 2024-09-20 9.4 Critical
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
CVE-2019-1069 1 Microsoft 12 Windows 10, Windows 10 1507, Windows 10 1607 and 9 more 2024-09-20 7.8 High
An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'.
CVE-2022-21445 1 Oracle 1 Jdeveloper 2024-09-20 9.8 Critical
Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2024-46049 1 Tenda 2 O6, O6 Firmware 2024-09-20 5.7 Medium
Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function.
CVE-2024-46048 1 Tenda 2 Fh451, Fh451 Firmware 2024-09-20 8.8 High
Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i
CVE-2024-46047 1 Tenda 2 Fh451, Fh451 Firmware 2024-09-20 6.5 Medium
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function.
CVE-2024-46046 1 Tenda 2 Fh451, Fh451 Firmware 2024-09-20 6.5 Medium
Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function.
CVE-2024-46045 1 Tenda 2 Ch22, Ch22 Firmware 2024-09-20 5.7 Medium
Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.
CVE-2024-46044 1 Tenda 2 Ch22, Ch22 Firmware 2024-09-20 5.7 Medium
CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function.
CVE-2024-6080 1 Intelbras 1 Incontrol 2024-09-20 7.8 High
A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-268822 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks.
CVE-2024-4551 1 Yotuwp 1 Video Gallery 2024-09-20 6.4 Medium
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and execute arbitrary php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVE-2024-4450 1 Ali2woo 1 Aliexpress Dropshipping With Alinext 2024-09-20 6.3 Medium
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several actions like importing and modifying products.
CVE-2024-4258 1 Yotuwp 1 Video Gallery 2024-09-20 9.8 Critical
The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.