Total
91937 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31828 | 2024-04-26 | N/A | N/A | ||
| Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL. | |||||
| CVE-2024-31741 | 2024-04-26 | N/A | N/A | ||
| Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login. | |||||
| CVE-2024-31551 | 2024-04-26 | N/A | N/A | ||
| Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request. | |||||
| CVE-2024-30804 | 2024-04-26 | N/A | N/A | ||
| An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests. | |||||
| CVE-2024-28322 | 2024-04-26 | N/A | N/A | ||
| SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the event_id parameter in a crafted POST request. | |||||
| CVE-2024-31601 | 2024-04-26 | N/A | N/A | ||
| An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component. | |||||
| CVE-2024-31502 | 2024-04-26 | N/A | N/A | ||
| An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff. | |||||
| CVE-2024-28326 | 2024-04-26 | N/A | N/A | ||
| Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to obtain root terminal access via the the UART interface. | |||||
| CVE-2024-25343 | 2024-04-26 | N/A | N/A | ||
| Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords. | |||||
| CVE-2023-26603 | 2024-04-26 | N/A | N/A | ||
| JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions. This allows privilege escalation to SYSTEM via a repair action in the installer. | |||||
| CVE-2022-48611 | 2024-04-26 | N/A | N/A | ||
| A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. | |||||
| CVE-2024-28327 | 2024-04-26 | N/A | N/A | ||
| Asus RT-N12+ B1 router stores user passwords in plaintext, which could allow local attackers to obtain unauthorized access and modify router settings. | |||||
| CVE-2024-28325 | 2024-04-26 | N/A | N/A | ||
| Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings. | |||||
| CVE-2024-33342 | 2024-04-26 | N/A | N/A | ||
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in SetPlcNetworkpwd function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | |||||
| CVE-2024-33343 | 2024-04-26 | N/A | N/A | ||
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in ChgSambaUserSettings function of prog.cgi, which allows remote attackers to execute arbitrary commands via shell. | |||||
| CVE-2024-33344 | 2024-04-26 | N/A | N/A | ||
| D-Link DIR-822+ V1.0.5 was found to contain a command injection in ftext function of upload_firmware.cgi, which allows remote attackers to execute arbitrary commands via shell. | |||||
| CVE-2013-6381 | 1 Linux | 1 Linux Kernel | 2024-04-26 | 6.9 MEDIUM | N/A |
| Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size. | |||||
| CVE-2007-6420 | 2 Apache, Canonical | 2 Http Server, Ubuntu Linux | 2024-04-26 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2012-0507 | 4 Debian, Oracle, Sun and 1 more | 7 Debian Linux, Jre, Jre and 4 more | 2024-04-26 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. | |||||
| CVE-2013-0431 | 1 Oracle | 2 Jre, Openjdk | 2024-04-26 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX, aka "Issue 52," a different vulnerability than CVE-2013-1490. | |||||