Total
3577 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37124 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is installed. | |||||
| CVE-2024-37014 | 1 Langflow | 1 Langflow | 2024-07-03 | N/A | 9.8 CRITICAL |
| Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script. | |||||
| CVE-2024-36679 | 2024-07-03 | N/A | 10.0 CRITICAL | ||
| In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method `Lcp::saveTranslations()` suffer of a white writer that can inject PHP code into a PHP file. | |||||
| CVE-2024-36598 | 2024-07-03 | N/A | 8.1 HIGH | ||
| An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file. | |||||
| CVE-2024-36575 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via global.accessor. | |||||
| CVE-2024-36568 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=. | |||||
| CVE-2024-36078 | 2024-07-03 | N/A | 6.7 MEDIUM | ||
| In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes (which run with the environment and permissions of the Zammad user). | |||||
| CVE-2024-35581 | 2024-07-03 | N/A | 6.1 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field. | |||||
| CVE-2024-34405 | 2024-07-03 | N/A | 9.1 CRITICAL | ||
| Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app. | |||||
| CVE-2024-34225 | 2024-07-03 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in php-lms/admin/?page=system_info in Computer Laboratory Management System using PHP and MySQL 1.0 allow remote attackers to inject arbitrary web script or HTML via the name, shortname parameters. | |||||
| CVE-2024-33445 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| An issue in hisiphp v2.0.111 allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component. | |||||
| CVE-2024-33442 | 2024-07-03 | N/A | 4.3 MEDIUM | ||
| An issue in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_post.php component. | |||||
| CVE-2024-33430 | 2024-07-03 | N/A | 8.8 HIGH | ||
| An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. | |||||
| CVE-2024-33394 | 2024-07-03 | N/A | 5.9 MEDIUM | ||
| An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | |||||
| CVE-2024-33335 | 2024-07-03 | N/A | 6.3 MEDIUM | ||
| SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted file. | |||||
| CVE-2024-33294 | 2024-07-03 | N/A | 9.1 CRITICAL | ||
| An issue in Library System using PHP/MySQli with Source Code V1.0 allows a remote attacker to execute arbitrary code via the _FAILE variable in the student_edit_photo.php component. | |||||
| CVE-2024-32925 | 2024-07-03 | N/A | 8.8 HIGH | ||
| In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32492 | 2024-07-03 | N/A | 7.1 HIGH | ||
| An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript. | |||||
| CVE-2024-32491 | 2024-07-03 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server. | |||||
| CVE-2024-32406 | 2024-07-03 | N/A | 7.5 HIGH | ||
| Server-Side Template Injection (SSTI) vulnerability in inducer relate before v.2024.1 allows a remote attacker to execute arbitrary code via a crafted payload to the Batch-Issue Exam Tickets function. | |||||