Total
78601 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6994 | 1 Google | 1 Chrome | 2024-08-07 | N/A | 8.8 HIGH |
| Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-6991 | 1 Google | 1 Chrome | 2024-08-07 | N/A | 8.8 HIGH |
| Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-7000 | 1 Google | 1 Chrome | 2024-08-07 | N/A | 8.8 HIGH |
| Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-23456 | 1 Zscaler | 1 Client Connector | 2024-08-07 | N/A | 7.5 HIGH |
| Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enabled. | |||||
| CVE-2024-7552 | 1 Datagear | 1 Datagear | 2024-08-07 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in DataGear up to 5.0.0. It has been declared as critical. Affected by this vulnerability is the function evaluateVariableExpression of the file ConversionSqlParamValueMapper.java of the component Data Schema Page. The manipulation leads to improper neutralization of special elements used in an expression language statement. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273697 was assigned to this vulnerability. | |||||
| CVE-2024-23458 | 1 Zscaler | 1 Client Connector | 2024-08-07 | N/A | 7.8 HIGH |
| While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190. | |||||
| CVE-2024-23460 | 1 Zscaler | 1 Client Connector | 2024-08-07 | N/A | 7.8 HIGH |
| The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2. | |||||
| CVE-2024-6988 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-08-07 | N/A | 8.8 HIGH |
| Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-41990 | 1 Djangoproject | 1 Django | 2024-08-07 | N/A | 7.5 HIGH |
| An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters. | |||||
| CVE-2024-41991 | 1 Djangoproject | 1 Django | 2024-08-07 | N/A | 7.5 HIGH |
| An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. | |||||
| CVE-2024-6998 | 1 Google | 1 Chrome | 2024-08-07 | N/A | 8.8 HIGH |
| Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-6997 | 1 Google | 1 Chrome | 2024-08-07 | N/A | 8.8 HIGH |
| Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-7370 | 1 Oretnom23 | 1 Simple Realtime Quiz System | 2024-08-07 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been classified as critical. Affected is an unknown function of the file /manage_quiz.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273354 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-7371 | 1 Oretnom23 | 1 Simple Realtime Quiz System | 2024-08-07 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /quiz_view.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273355. | |||||
| CVE-2024-7372 | 1 Oretnom23 | 1 Simple Realtime Quiz System | 2024-08-07 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /quiz_board.php. The manipulation of the argument quiz leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273356. | |||||
| CVE-2024-7373 | 1 Oretnom23 | 1 Simple Realtime Quiz System | 2024-08-07 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=load_answered. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273357 was assigned to this vulnerability. | |||||
| CVE-2024-2232 | 2024-08-07 | N/A | 8.1 HIGH | ||
| The lacks CSRF checks allowing a user to invite any user to any group (including private groups) | |||||
| CVE-2024-41260 | 2024-08-06 | N/A | 7.5 HIGH | ||
| A static initialization vector (IV) in the encrypt function of netbird v0.28.4 allows attackers to obtain sensitive information. | |||||
| CVE-2024-7460 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-06 | 5.0 MEDIUM | 8.8 HIGH |
| A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change_password.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273553 was assigned to this vulnerability. | |||||
| CVE-2024-7459 | 1 Siamonhasan | 1 Warehouse Inventory System | 2024-08-06 | 5.0 MEDIUM | 8.8 HIGH |
| A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been classified as problematic. Affected is an unknown function of the file /edit_account.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273552. | |||||