Vulnerabilities (CVE)

Total 82161 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-42392 1 Cesanta 1 Mongoose 2024-11-19 N/A 7.5 HIGH
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters.
CVE-2024-42385 1 Cesanta 1 Mongoose 2024-11-19 N/A 7.0 HIGH
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters.
CVE-2024-42386 1 Cesanta 1 Mongoose 2024-11-19 N/A 7.5 HIGH
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
CVE-2024-52293 1 Craftcms 1 Craft Cms 2024-11-19 N/A 7.2 HIGH
Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3.
CVE-2024-25253 2024-11-19 N/A 7.5 HIGH
Driver Booster v10.6 was discovered to contain a buffer overflow via the Host parameter under the Customize proxy module.
CVE-2021-3742 1 Chatwoot 1 Chatwoot 2024-11-19 N/A 8.8 HIGH
A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used as an avatar and opened in a new tab, it can trigger the SSRF, potentially leading to host redirection.
CVE-2024-10800 1 Vanquish 1 User Extra Fields 2024-11-19 N/A 8.8 HIGH
The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to add custom fields that can be updated and then use the check_and_overwrite_wp_or_woocommerce_fields function to update the wp_capabilities field to have administrator privileges.
CVE-2024-10311 1 Cmorillas1 1 External Database Based Actions 2024-11-19 N/A 8.8 HIGH
The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_handle' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator.
CVE-2024-9409 1 Schneider-electric 6 Powerlogic Pm5320, Powerlogic Pm5320 Firmware, Powerlogic Pm5340 and 3 more 2024-11-19 N/A 7.5 HIGH
CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network.
CVE-2024-11213 1 Mayurik 1 Best Employee Management System 2024-11-19 5.8 MEDIUM 7.2 HIGH
A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-11212 1 Mayurik 1 Best Employee Management System 2024-11-19 6.5 MEDIUM 8.8 HIGH
A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_product_details.php. The manipulation of the argument barcode leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-31671 1 Linuxfoundation 1 Harbor 2024-11-19 N/A 7.4 HIGH
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read all the job logs stored in the Harbor database.
CVE-2024-11214 1 Mayurik 1 Best Employee Management System 2024-11-19 5.8 MEDIUM 7.2 HIGH
A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/profile.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes.
CVE-2022-31668 1 Linuxfoundation 1 Harbor 2024-11-19 N/A 7.7 HIGH
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.
CVE-2022-31670 1 Linuxfoundation 1 Harbor 2024-11-19 N/A 7.7 HIGH
Harbor fails to validate the user permissions when updating tag retention policies.  By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention policies configured in other projects.
CVE-2022-31669 1 Linuxfoundation 1 Harbor 2024-11-19 N/A 7.7 HIGH
Harbor fails to validate the user permissions when updating tag immutability policies.  By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies configured in other projects.
CVE-2024-43530 1 Microsoft 5 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 2 more 2024-11-19 N/A 7.8 HIGH
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-43598 1 Microsoft 1 Lightgbm 2024-11-19 N/A 8.1 HIGH
LightGBM Remote Code Execution Vulnerability
CVE-2024-43624 1 Microsoft 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more 2024-11-19 N/A 8.8 HIGH
Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
CVE-2024-43626 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2024-11-19 N/A 7.8 HIGH
Windows Telephony Service Elevation of Privilege Vulnerability