Search Results (37172 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-34753 2 Apple, Bloofox 2 Macos, Bloofoxcms 2025-01-02 9.8 Critical
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.
CVE-2023-34752 2 Apple, Bloofox 2 Macos, Bloofoxcms 2025-01-02 9.8 Critical
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.
CVE-2023-34751 2 Apple, Bloofox 2 Macos, Bloofoxcms 2025-01-02 9.8 Critical
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.
CVE-2023-34750 2 Apple, Bloofox 2 Macos, Bloofoxcms 2025-01-02 9.8 Critical
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.
CVE-2024-2147 1 Oretnom23 1 Online Mobile Store Management System 2025-01-02 7.3 High
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255500.
CVE-2024-21834 1 Openatom 1 Openharmony 2025-01-02 3.3 Low
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2024-56348 1 Jetbrains 1 Teamcity 2025-01-02 4.3 Medium
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents
CVE-2024-56349 1 Jetbrains 1 Teamcity 2025-01-02 5.3 Medium
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs
CVE-2024-56350 1 Jetbrains 1 Teamcity 2025-01-02 4.3 Medium
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects
CVE-2024-31495 1 Fortinet 1 Fortiportal 2025-01-02 3.9 Low
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality.
CVE-2022-21894 1 Microsoft 18 Windows 10, Windows 10 1507, Windows 10 1607 and 15 more 2025-01-02 4.4 Medium
Secure Boot Security Feature Bypass Vulnerability
CVE-2024-12053 1 Google 1 Chrome 2025-01-02 8.8 High
Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-8904 1 Google 1 Chrome 2025-01-02 8.8 High
Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-9603 1 Google 1 Chrome 2025-01-02 8.8 High
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-45246 4 Acronis, Apple, Linux and 1 more 5 Agent, Cyber Protect Cloud Agent, Macos and 2 more 2025-01-02 7.1 High
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
CVE-2024-9122 1 Google 1 Chrome 2025-01-02 8.8 High
Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2024-9859 1 Google 1 Chrome 2025-01-02 8.8 High
Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2023-35356 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2025-01-01 7.8 High
Windows Kernel Elevation of Privilege Vulnerability
CVE-2023-35297 1 Microsoft 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more 2025-01-01 8.1 High
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-23394 1 Microsoft 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more 2025-01-01 5.5 Medium
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability