Total
78936 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-7066 | 2024-08-13 | N/A | 7.8 HIGH | ||
| The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2024-41908 | 2024-08-13 | N/A | 7.8 HIGH | ||
| A vulnerability has been identified in NX (All versions < V2406.3000). The affected applications contains an out of bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process. | |||||
| CVE-2024-43131 | 2024-08-13 | N/A | 7.5 HIGH | ||
| Incorrect Authorization vulnerability in WPWeb Docket (WooCommerce Collections / Wishlist / Watchlist) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Docket (WooCommerce Collections / Wishlist / Watchlist): from n/a before 1.7.0. | |||||
| CVE-2024-38699 | 2024-08-13 | N/A | 7.5 HIGH | ||
| Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13. | |||||
| CVE-2024-43156 | 2024-08-13 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AddonMaster Post Grid Master allows Reflected XSS.This issue affects Post Grid Master: from n/a through 3.4.10. | |||||
| CVE-2024-40479 | 2024-08-13 | N/A | 8.1 HIGH | ||
| A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam System v1.0 allows remote attackers to execute arbitrary SQL commands via the "eid" parameter. | |||||
| CVE-2024-37826 | 2024-08-12 | N/A | 7.5 HIGH | ||
| A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | |||||
| CVE-2024-7502 | 1 Deltaww | 1 Diascreen | 2024-08-12 | N/A | 7.8 HIGH |
| A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2024-34620 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 7.8 HIGH |
| Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service. | |||||
| CVE-2024-34619 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 8.8 HIGH |
| Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | |||||
| CVE-2024-34615 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 7.8 HIGH |
| Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption. | |||||
| CVE-2024-34614 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 7.8 HIGH |
| Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | |||||
| CVE-2024-34612 | 1 Samsung | 1 Android | 2024-08-12 | N/A | 7.8 HIGH |
| Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | |||||
| CVE-2024-7550 | 1 Google | 1 Chrome | 2024-08-12 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-7536 | 1 Google | 1 Chrome | 2024-08-12 | N/A | 8.8 HIGH |
| Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-7533 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-08-12 | N/A | 8.8 HIGH |
| Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-7532 | 1 Google | 1 Chrome | 2024-08-12 | N/A | 8.8 HIGH |
| Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2024-42219 | 1 1password | 1 1password | 2024-08-12 | N/A | 7.8 HIGH |
| 1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient. | |||||
| CVE-2024-28739 | 1 Koha | 1 Koha | 2024-08-12 | N/A | 7.2 HIGH |
| An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. | |||||
| CVE-2024-7287 | 1 Oretnom23 | 1 Establishment Billing Management System | 2024-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273156. | |||||