Vulnerabilities (CVE)

Total 79708 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-6781 1 Calibre-ebook 1 Calibre 2024-08-19 N/A 7.5 HIGH
Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read.
CVE-2024-28962 1 Dell 3 Alienware Update, Command Update, Update 2024-08-19 N/A 7.5 HIGH
Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
CVE-2024-7800 1 Oretnom23 1 Simple Online Bidding System 2024-08-19 6.5 MEDIUM 7.5 HIGH
A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/bidding/admin/ajax.php?action=delete_product. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7497 1 Angeljudesuarez 1 Airline Reservation System 2024-08-19 6.5 MEDIUM 8.8 HIGH
A vulnerability was found in itsourcecode Airline Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273623.
CVE-2024-7496 1 Angeljudesuarez 1 Airline Reservation System 2024-08-19 6.5 MEDIUM 8.8 HIGH
A vulnerability has been found in itsourcecode Airline Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273622 is the identifier assigned to this vulnerability.
CVE-2024-7799 1 Oretnom23 1 Simple Online Bidding System 2024-08-19 5.0 MEDIUM 7.3 HIGH
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/bidding/admin/users.php. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-39388 3 Adobe, Apple, Microsoft 3 Substance 3d Stager, Macos, Windows 2024-08-19 N/A 7.8 HIGH
Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39390 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2024-08-19 N/A 7.8 HIGH
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39391 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2024-08-19 N/A 7.8 HIGH
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39393 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2024-08-19 N/A 7.8 HIGH
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39394 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2024-08-19 N/A 7.8 HIGH
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39778 1 F5 21 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 18 more 2024-08-19 N/A 7.5 HIGH
When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-39792 1 F5 1 Nginx Plus 2024-08-19 N/A 7.5 HIGH
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-39809 1 F5 1 Big-ip Next Central Manager 2024-08-19 N/A 8.8 HIGH
The Central Manager user session refresh token does not expire when a user logs out.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2024-39949 1 Dahuasecurity 112 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 109 more 2024-08-19 N/A 7.5 HIGH
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.
CVE-2024-39948 1 Dahuasecurity 112 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 109 more 2024-08-19 N/A 7.5 HIGH
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.
CVE-2024-39389 3 Adobe, Apple, Microsoft 3 Indesign, Macos, Windows 2024-08-19 N/A 7.8 HIGH
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-39946 1 Dahuasecurity 112 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 109 more 2024-08-19 N/A 7.2 HIGH
A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization.
CVE-2024-39944 1 Dahuasecurity 116 Ipc-hfs8449g-z7-led, Ipc-hfs8449g-z7-led Firmware, Ipc-hfs8849g-z3-led and 113 more 2024-08-19 N/A 7.5 HIGH
A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.
CVE-2024-7832 1 Dlink 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more 2024-08-19 9.0 HIGH 8.8 HIGH
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function cgi_get_fullscreen_photos of the file /cgi-bin/photocenter_mgr.cgi. The manipulation of the argument user leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.