Total: 271771 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2019-1833 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | N/A | A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol parser of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies. The vulnerability is due to improper parsing of specific attributes in a TLS packet header. An attacker could exploit this vulnerability by sending malicious TLS messages to the affected system. A successful exploit could allow the attacker to bypass the configured policies for the system, which could allow traffic to flow through without being inspected.
CVE-2024-35676 | 1 Wp-ecommerce | 1 Recurring Paypal Donations | 2024-11-26 | 6.5 Medium | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS. This issue affects Recurring PayPal Donations: from n/a through 1.7.
CVE-2020-23452 | 1 Selenium | 1 Selenium Grid | 2024-11-26 | 6.1 Medium | A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page.
CVE-2024-35678 | 1 Bestwebsoft | 1 Contact Form To Db | 2024-11-26 | 8.5 High | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft. This issue affects Contact Form to DB by BestWebSoft: from n/a through 1.7.2.
CVE-2024-31252 | 1 Dfactory | 1 Responsive Lightbox & Gallery | 2024-11-26 | 4.3 Medium | Missing Authorization vulnerability in dFactory Responsive Lightbox. This issue affects Responsive Lightbox: from n/a through 2.4.6.
CVE-2023-51020 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-26 | 9.8 Critical | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the 'langType' parameter of the setLanguageCfg interface of cstecgi.cgi.
CVE-2024-7391 | | | 2024-11-26 | N/A | ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. User interaction is required to exploit this vulnerability. The specific flaw exists within the Wi-Fi setup logic. By connecting to the device over Bluetooth Low Energy during the setup process, an attacker can obtain Wi-Fi credentials. An attacker can leverage this vulnerability to disclose credentials and gain access to the device owner's Wi-Fi network. Was ZDI-CAN-21454.
CVE-2024-45369 | 1 Myscada | 2 Mypro Manager, Mypro Runtime | 2024-11-26 | 8.1 High | The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource.
CVE-2017-18307 | 1 Qualcomm | 7 Sd 450 Firmware, Sd 625 Firmware, Sd 820 Firmware and 4 more | 2024-11-26 | 8.4 High | Information disclosure possible during audio playback.
CVE-2018-11816 | 1 Qualcomm | 14 9206 Lte Modem Firmware, Apq8016 Firmware, Apq8017 Firmware and 11 more | 2024-11-26 | 7.8 High | Crafted Binder request causes heap use-after-free (UAF) in MediaServer.
CVE-2017-18306 | 1 Qualcomm | 7 Sd 450 Firmware, Sd 625 Firmware, Sd 820 Firmware and 4 more | 2024-11-26 | 8.4 High | Information disclosure due to uninitialized variable.
CVE-2016-10408 | 1 Qualcomm | 5 9206 Lte Modem Firmware, Apq8037 Firmware, Sd626 Firmware and 2 more | 2024-11-26 | 7.8 High | QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory.
CVE-2024-11098 | | | 2024-11-26 | 5.5 Medium | The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
CVE-2024-48861 | 1 Qnap | 1 Qurouter | 2024-11-26 | N/A | An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later.
CVE-2024-5722 | 1 Logsign | 1 Unified Secops | 2024-11-26 | N/A | Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP API. The issue results from using a hard-coded cryptographic key. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24170.
CVE-2024-5721 | 1 Logsign | 1 Unified Secops | 2024-11-26 | N/A | Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24169.
CVE-2024-5720 | 1 Logsign | 1 Unified Secops | 2024-11-26 | N/A | Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the HTTP API. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24168.
CVE-2024-5719 | 1 Logsign | 1 Unified Secops | 2024-11-26 | N/A | Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the HTTP API. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24167.
CVE-2024-5718 | 1 Logsign | 1 Unified Secops | 2024-11-26 | N/A | Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 by default when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24166.
CVE-2024-5717 | 1 Logsign | 1 Unified Secops | 2024-11-26 | N/A | Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the HTTP API. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24165.