Export limit exceeded: 338066 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (338066 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37840 | 1 Itsourcecode | 2 Learning Management System, Learning Management System Project In Php | 2025-06-10 | 8.8 High |
| SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter. | ||||
| CVE-2024-33300 | 1 Typora | 1 Typora | 2025-06-10 | 7.3 High |
| Typora v1.0.0 through v1.7 version (below) Markdown editor has a cross-site scripting (XSS) vulnerability, which allows attackers to execute arbitrary code by uploading Markdown files. | ||||
| CVE-2024-34401 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2025-06-10 | 6.1 Medium |
| Savsoft Quiz 6.0 allows stored XSS via the index.php/quiz/insert_quiz/ quiz_name parameter. | ||||
| CVE-2024-33921 | 1 Wpdeveloper | 1 Reviewx | 2025-06-10 | 4.3 Medium |
| Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21. | ||||
| CVE-2024-33789 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-10 | 9.8 Critical |
| Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint. | ||||
| CVE-2024-27453 | 1 Extremenetworks | 1 Extremexos | 2025-06-10 | 8.6 High |
| In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI). | ||||
| CVE-2024-34462 | 1 Alinto | 1 Sogo | 2025-06-10 | 6.1 Medium |
| Alinto SOGo through 5.10.0 allows XSS during attachment preview. | ||||
| CVE-2024-31580 | 2 Linuxfoundation, Pytorch | 2 Pytorch, Pytorch | 2025-06-10 | 4 Medium |
| PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2024-35618 | 1 Pingcap | 1 Tidb | 2025-06-10 | 7.5 High |
| PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereference via the component SortedRowContainer. | ||||
| CVE-2024-35373 | 2 Mocado, Mocodo | 2 Mocado, Mocodo Online | 2025-06-10 | 9.8 Critical |
| Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php. | ||||
| CVE-2024-35374 | 1 Mocodo | 1 Mocodo Online | 2025-06-10 | 9.8 Critical |
| Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain conditions. | ||||
| CVE-2024-34852 | 1 F-logic | 2 Datacube3, Datacube3 Firmware | 2025-06-10 | 6.3 Medium |
| F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command injection. Successful exploitation of this vulnerability may allow the attacker to execute system commands. | ||||
| CVE-2024-34854 | 1 F-logic | 2 Datacube3, Datacube3 Firmware | 2025-06-10 | 9.8 Critical |
| F-logic DataCube3 v1.0 is vulnerable to File Upload via `/admin/transceiver_schedule.php.` | ||||
| CVE-2023-36235 | 1 Webkul | 1 Qloapps | 2025-06-10 | 6.5 Medium |
| An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter. | ||||
| CVE-2023-30305 | 1 Linksys | 2 E5600, E5600 Firmware | 2025-06-10 | 7.5 High |
| An issue discovered in Linksys E5600 routers allows attackers to hijack TCP sessions which could lead to a denial of service. | ||||
| CVE-2024-26529 | 1 Mz-automation | 1 Libiec61850 | 2025-06-10 | 7.5 High |
| An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c. | ||||
| CVE-2024-8474 | 1 Openvpn | 1 Connect | 2025-06-10 | 7.5 High |
| OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic | ||||
| CVE-2024-28882 | 1 Openvpn | 1 Openvpn | 2025-06-10 | 4.3 Medium |
| OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session | ||||
| CVE-2024-28391 | 2 Fme Modules, Fmemodules | 2 Quickproducttable Module For Pestashop, B2b Quick Order Form | 2025-06-10 | 9.8 Critical |
| SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods. | ||||
| CVE-2024-22312 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-06-10 | 4.4 Medium |
| IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748. | ||||