Export limit exceeded: 74725 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74725 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-50416 | 1 Wpclever | 1 Wpc Shop As A Customer For Woocommerce | 2024-10-29 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce allows Object Injection.This issue affects WPC Shop as a Customer for WooCommerce: from n/a through 1.2.6. | ||||
| CVE-2024-50481 | 1 Stack Themes | 1 Bstone Demo Importer | 2024-10-29 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Stack Themes Bstone Demo Importer allows Privilege Escalation.This issue affects Bstone Demo Importer: from n/a through 1.0.1. | ||||
| CVE-2024-10436 | 1 Wpclever | 1 Wpc Smart Messages For Woocommerce | 2024-10-29 | 8.8 High |
| The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.1 via the get_condition_value function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-50550 | 1 Litespeed Technologies | 1 Litespeed Cache | 2024-10-29 | 8.1 High |
| Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through 6.5.1. | ||||
| CVE-2024-42028 | 1 Ubiquiti | 1 Unifi Network Application | 2024-10-29 | 8.8 High |
| A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server. | ||||
| CVE-2024-49650 | 2024-10-29 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in xarbo BuddyPress Greeting Message allows Reflected XSS.This issue affects BuddyPress Greeting Message: from n/a through 1.0.3. | ||||
| CVE-2024-9593 | 1 Wpplugin | 2 Time Clock, Time Clock Pro | 2024-10-29 | 8.3 High |
| The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 (for Time Clock) and 1.1.4 (for Time Clock Pro) via the 'etimeclockwp_load_function_callback' function. This allows unauthenticated attackers to execute code on the server. The invoked function's parameters cannot be specified. | ||||
| CVE-2024-47023 | 1 Google | 2 Android, Pixel | 2024-10-28 | 7.4 High |
| there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-8392 | 2024-10-28 | 7.2 High | ||
| The WordPress Post Grid Layouts with Pagination – Sogrid plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.2 via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This can also be exploited via CSRF techniques. | ||||
| CVE-2024-45242 | 1 Engeniustech | 1 Enh1350ext Firmware | 2024-10-28 | 7.8 High |
| EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with the default credentials of admin/admin. An unauthorized attacker in proximity to the Wi-Fi network can exploit this window of time to execute arbitrary OS commands with root-level permissions. | ||||
| CVE-2024-9890 | 1 Deryck Onate | 1 User Toolkit | 2024-10-28 | 8.8 High |
| The User Toolkit plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.3. This is due to an improper capability check in the 'switchUser' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. | ||||
| CVE-2024-47024 | 1 Google | 2 Android, Pixel | 2024-10-28 | 7.4 High |
| In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-47027 | 1 Google | 2 Android, Pixel | 2024-10-28 | 7.4 High |
| In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-47033 | 1 Google | 2 Android, Pixel | 2024-10-28 | 7.4 High |
| In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-47017 | 1 Google | 1 Android | 2024-10-28 | 7.8 High |
| In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-10130 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2024-10-28 | 8.8 High |
| A vulnerability classified as critical was found in Tenda AC8 16.03.34.06. This vulnerability affects the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-10123 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2024-10-28 | 8.8 High |
| A vulnerability was found in Tenda AC8 16.03.34.06. It has been declared as critical. Affected by this vulnerability is the function compare_parentcontrol_time of the file /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This is not the same issue like CVE-2023-33671. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-46998 | 1 Basercms | 1 Basercms | 2024-10-28 | 7.1 High |
| baserCMS is a website development framework. Versions prior to 5.1.2 have a cross-site scripting vulnerability in the Edit Email Form Settings Feature. Version 5.1.2 fixes the issue. | ||||
| CVE-2024-47881 | 1 Openrefine | 1 Openrefine | 2024-10-28 | 8.1 High |
| OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the `database` extension, the "enable_load_extension" property can be set for the SQLite integration, enabling an attacker to load (local or remote) extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Version 3.8.3 fixes this issue. | ||||
| CVE-2024-44101 | 1 Google | 1 Android | 2024-10-28 | 7.5 High |
| there is a possible Null Pointer Dereference (modem crash) due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||