Export limit exceeded: 74540 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74540 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46424 | 1 Totolink | 3 Ac1200 T8 Firmware, T8, T8 Firmware | 2024-09-17 | 7.5 High |
| TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter. | ||||
| CVE-2024-1621 | 1 Nt-ware | 3 Uniflow Online, Uniflow Online Print \& Scan, Uniflow Smartclient | 2024-09-17 | 7.5 High |
| The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when email login is enabled on the tenant. Those tenants utilising email login in combination with Microsoft Safe Links or similar are impacted. This vulnerability may allow the attacker to register themselves against a genuine user in the system and allow malicious users with similar access and capabilities via the app to the existing genuine user. | ||||
| CVE-2024-38811 | 1 Vmware | 1 Fusion | 2024-09-17 | 8.8 High |
| VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application. | ||||
| CVE-2024-8779 | 1 Syscomgo | 1 Omflow | 2024-09-17 | 8.8 High |
| OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server. | ||||
| CVE-2024-39402 | 1 Adobe | 2 Commerce, Magento | 2024-09-17 | 8.4 High |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed. | ||||
| CVE-2024-39401 | 1 Adobe | 2 Commerce, Magento | 2024-09-17 | 8.4 High |
| Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker. Exploitation of this issue requires user interaction and scope is changed. | ||||
| CVE-2024-8868 | 1 Code-projects | 1 Crud Operation System | 2024-09-17 | 7.3 High |
| A vulnerability was found in code-projects Crud Operation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file savedata.php. The manipulation of the argument sname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-39585 | 1 Dell | 1 Smartfabric Os10 | 2024-09-17 | 7.9 High |
| Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure. | ||||
| CVE-2024-0108 | 1 Nvidia | 17 Jetson Agx Xavier, Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb and 14 more | 2024-09-16 | 8.7 High |
| NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead to denial of service, code execution, and escalation of privileges. | ||||
| CVE-2024-45855 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | 7.1 High |
| Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it. | ||||
| CVE-2024-45854 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | 7.1 High |
| Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it. | ||||
| CVE-2024-45853 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | 7.1 High |
| Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction. | ||||
| CVE-2024-45852 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | 8.8 High |
| Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with. | ||||
| CVE-2024-45851 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | 8.8 High |
| An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server. | ||||
| CVE-2024-45850 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | 8.8 High |
| An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server. | ||||
| CVE-2024-45849 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | 8.8 High |
| An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server. | ||||
| CVE-2024-45848 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | 8.8 High |
| An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server. | ||||
| CVE-2024-45847 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | 8.8 High |
| An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server. | ||||
| CVE-2024-45846 | 1 Mindsdb | 1 Mindsdb | 2024-09-16 | 8.8 High |
| An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server. | ||||
| CVE-2024-28100 | 1 Elabftw | 1 Elabftw | 2024-09-16 | 8.9 High |
| eLabFTW is an open source electronic lab notebook for research labs. By uploading specially crafted files, a regular user can create a circumstance where a visitor's browser runs arbitrary JavaScript code in the context of the eLabFTW application. This can be triggered by the visitor viewing a list of experiments. Viewing this allows the malicious script to act on behalf of the visitor in any way, including the creation of API keys for persistence, or other options normally available to the user. If the user viewing the page has the sysadmin role in eLabFTW, the script can act as a sysadmin (including system configuration and extensive user management roles). Users are advised to upgrade to at least version 5.0.0. There are no known workarounds for this vulnerability. | ||||