Total
264154 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7024 | 1 Google | 1 Chrome | 2024-09-26 | 9.3 Critical |
| Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-8612 | 1 Redhat | 2 Advanced Virtualization, Enterprise Linux | 2024-09-26 | 3.8 Low |
| A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak. | ||||
| CVE-2024-9035 | 1 Code-projects | 1 Blood Bank System | 2024-09-26 | 7.3 High |
| A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php of the component Admin Login. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9036 | 1 Itsourcecode | 1 Online Book Store | 2024-09-26 | 6.3 Medium |
| A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_add.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9048 | 1 Y Project | 1 Ruoyi | 2024-09-26 | 3.1 Low |
| A vulnerability was found in y_project RuoYi up to 4.7.9. It has been declared as problematic. Affected by this vulnerability is the function SysUserServiceImpl of the file ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java of the component Backend User Import. The manipulation of the argument loginName leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The patch is named 9b68013b2af87b9c809c4637299abd929bc73510. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2023-26689 | 1 Cs-cart | 1 Cs-cart Multivendor | 2024-09-26 | 9.8 Critical |
| An issue discovered in CS-Cart MultiVendor 4.16.1 allows attackers to alter arbitrary user account profiles via crafted post request. | ||||
| CVE-2024-46644 | 1 Enms | 1 Enms | 2024-09-26 | 6.5 Medium |
| eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via edit_file. | ||||
| CVE-2024-46645 | 1 Enms | 1 Enms | 2024-09-26 | 7.5 High |
| eNMS 4.0.0 is vulnerable to Directory Traversal via get_tree_files. | ||||
| CVE-2024-46646 | 1 Enms | 1 Enms | 2024-09-26 | 6.5 Medium |
| eNMS up to 4.7.1 is vulnerable to Directory Traversal via /download/file. | ||||
| CVE-2024-46648 | 1 Enms | 1 Enms | 2024-09-26 | 7.5 High |
| eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scan_folder. | ||||
| CVE-2024-46649 | 1 Enms | 1 Enms | 2024-09-26 | 7.5 High |
| eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder. | ||||
| CVE-2024-46241 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2024-09-26 | 5.9 Medium |
| PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via the pname parameter in add_product.php and edit_product.php. | ||||
| CVE-2023-7281 | 1 Google | 1 Chrome | 2024-09-26 | 4.3 Medium |
| Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-46647 | 1 Enms | 1 Enms | 2024-09-26 | 6.5 Medium |
| eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via upload_files. | ||||
| CVE-2024-37879 | 2024-09-26 | N/A | ||
| Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo". | ||||
| CVE-2024-42697 | 1 Leotheme | 1 Leo Product Search Module | 2024-09-26 | 6.1 Medium |
| Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function. | ||||
| CVE-2024-46652 | 1 Tenda | 1 Ac8v4 Firmware | 2024-09-26 | 9.8 Critical |
| Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function. | ||||
| CVE-2024-9034 | 1 Code-projects | 1 Patient Code Management System | 2024-09-26 | 7.3 High |
| A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9037 | 1 Codezips | 1 Internal Marks Calculation | 2024-09-26 | 7.3 High |
| A vulnerability classified as critical has been found in Codezips Internal Marks Calculation 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-44540 | 1 Ubiquiti | 1 Airmax Firmware | 2024-09-26 | 6.6 Medium |
| Ubiquiti AirMax firmware version firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port. | ||||