Total
92567 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-33122 | 2024-05-07 | N/A | N/A | ||
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list() function. | |||||
CVE-2024-33860 | 2024-05-07 | N/A | N/A | ||
An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs. | |||||
CVE-2023-42757 | 2024-05-07 | N/A | N/A | ||
Process Explorer before 17.04 allows attackers to make it functionally unavailable (a denial of service for analysis) by renaming an executable file to a new extensionless 255-character name and launching it with NtCreateUserProcess. This can occur through an issue in wcscat_s error handling. | |||||
CVE-2024-34315 | 2024-05-07 | N/A | N/A | ||
CmsEasy v7.7.7.9 was discovered to contain a local file inclusion vunerability via the file_get_contents function in the fckedit_action method of /admin/template_admin.php. This vulnerability allows attackers to read arbitrary files. | |||||
CVE-2024-25507 | 2024-05-07 | N/A | N/A | ||
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx. | |||||
CVE-2024-25512 | 2024-05-07 | N/A | N/A | ||
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx. | |||||
CVE-2023-46012 | 2024-05-07 | N/A | N/A | ||
Buffer Overflow vulnerability LINKSYS EA7500 3.0.1.207964 allows a remote attacker to execute arbitrary code via an HTTP request to the IGD UPnP. | |||||
CVE-2024-25511 | 2024-05-07 | N/A | N/A | ||
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx. | |||||
CVE-2024-33164 | 2024-05-07 | N/A | N/A | ||
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function. | |||||
CVE-2024-33149 | 2024-05-07 | N/A | N/A | ||
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function. | |||||
CVE-2024-33124 | 2024-05-07 | N/A | N/A | ||
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode() function.. | |||||
CVE-2024-25513 | 2024-05-07 | N/A | N/A | ||
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx. | |||||
CVE-2024-33139 | 2024-05-07 | N/A | N/A | ||
J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the findpage function. | |||||
CVE-2024-4558 | 2024-05-07 | N/A | N/A | ||
Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2024-33859 | 2024-05-07 | N/A | N/A | ||
An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS. | |||||
CVE-2024-34455 | 2024-05-07 | N/A | N/A | ||
Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024.02.2. | |||||
CVE-2022-34623 | 2024-05-07 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32425. Reason: This candidate is a duplicate of CVE-2022-32425. Notes: All CVE users should reference CVE-2022-32425 instead of this candidate. | |||||
CVE-2022-37249 | 2024-05-07 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
CVE-2024-34533 | 2024-05-07 | N/A | N/A | ||
A SQL injection vulnerability in ZI PT Solusi Usaha Mudah Analytic Data Query module (aka izi_data) 11.0 through 17.x before 17.0.3 allows a remote attacker to gain privileges via a query to IZITools::query_check, IZITools::query_fetch, or IZITools::query_execute. | |||||
CVE-2024-33118 | 2024-05-07 | N/A | N/A | ||
LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController. |