Vulnerabilities (CVE)

Total 271657 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-27729 1 Friendica 1 Friendica 2024-09-11 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature.
CVE-2024-37286 1 Elastic 1 Apm Server 2024-09-11 N/A 6.5 MEDIUM
APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailable_shards_exception for a specific document, since the ES response line contains the document body, and that APM server logs the ES response line on error, the document is effectively logged.
CVE-2024-7500 1 Angeljudesuarez 1 Airline Reservation System 2024-09-11 6.5 MEDIUM 9.8 CRITICAL
A vulnerability was found in itsourcecode Airline Reservation System 1.0. It has been rated as critical. Affected by this issue is the function save_settings of the file admin/admin_class.php. The manipulation of the argument img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273626 is the identifier assigned to this vulnerability.
CVE-2024-7506 1 Angeljudesuarez 1 Tailoring Management System 2024-09-11 6.5 MEDIUM 8.8 HIGH
A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /setlogo.php. The manipulation of the argument bgimg leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273649 was assigned to this vulnerability.
CVE-2024-7505 1 Rainniar 1 Bike Delivery System 2024-09-11 7.5 HIGH 9.8 CRITICAL
A vulnerability, which was classified as critical, was found in itsourcecode Bike Delivery System 1.0. Affected is an unknown function of the file contact_us_action.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273648.
CVE-2024-39817 1 Cybozu 1 Office 2024-09-11 N/A 6.5 MEDIUM
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.
CVE-2024-7585 1 Tenda 2 I22, I22 Firmware 2024-09-11 9.0 HIGH 9.8 CRITICAL
A vulnerability has been found in Tenda i22 1.0.0.3(4687) and classified as critical. Affected by this vulnerability is the function formApPortalWebAuth of the file /goform/apPortalAuth. The manipulation of the argument webUserName/webUserPassword leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7584 1 Tenda 2 I22, I22 Firmware 2024-09-11 9.0 HIGH 9.8 CRITICAL
A vulnerability, which was classified as critical, was found in Tenda i22 1.0.0.3(4687). Affected is the function formApPortalPhoneAuth of the file /goform/apPortalPhoneAuth. The manipulation of the argument data leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-43114 1 Jetbrains 1 Teamcity 2024-09-11 N/A 7.8 HIGH
In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions
CVE-2024-42034 1 Huawei 2 Emui, Harmonyos 2024-09-11 N/A 5.5 MEDIUM
LaunchAnywhere vulnerability in the account module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-42035 1 Huawei 2 Emui, Harmonyos 2024-09-11 N/A 7.8 HIGH
Permission control vulnerability in the App Multiplier module Impact:Successful exploitation of this vulnerability may affect functionality and confidentiality.
CVE-2024-8147 1 Pharmacy Management System Project 1 Pharmacy Management System 2024-09-11 6.5 MEDIUM 8.8 HIGH
A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-8011 1 Logitech 1 Options\+ 2024-09-11 N/A 5.5 MEDIUM
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera.
CVE-2023-48957 1 Purevpn 1 Purevpn 2024-09-11 N/A 5.3 MEDIUM
PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.
CVE-2024-41732 1 Sap 1 Netweaver Application Server Abap 2024-09-11 N/A 5.4 MEDIUM
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on availability of application.
CVE-2024-8317 1 Wpeka 1 Wp Adcenter 2024-09-11 N/A 5.4 MEDIUM
The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ad_alignment’ attribute in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-8427 1 Wpshuffle 1 Frontend Post Submission Manager 2024-09-11 N/A 4.3 MEDIUM
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_global_settings and process_form_edit functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings and forms.
CVE-2024-0104 1 Nvidia 7 Metrox-2, Metrox-3 Xc, Mlnx-gw and 4 more 2024-09-11 N/A 8.8 HIGH
NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges.
CVE-2024-39627 1 Imagely 1 Nextgen Gallery 2024-09-11 N/A 4.8 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Imagely NextGEN Gallery allows Stored XSS.This issue affects NextGEN Gallery: from n/a through 3.59.3.
CVE-2024-39629 1 Themegrill 1 Himalayas 2024-09-11 N/A 4.8 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.2.