Export limit exceeded: 74448 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74448 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8193 | 1 Google | 1 Chrome | 2024-09-05 | 8.8 High |
| Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-39825 | 1 Zoom | 6 Rooms, Vdi Windows Meeting Client, Workplace and 3 more | 2024-09-04 | 8.5 High |
| Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access. | ||||
| CVE-2024-44820 | 1 Zzcms | 1 Zzcms | 2024-09-04 | 7.5 High |
| A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, the application executes the phpinfo() function, which exposes detailed information about the PHP environment, including server configuration, loaded modules, and environment variables. | ||||
| CVE-2024-38868 | 1 Zohocorp | 1 Manageengine Endpoint Central | 2024-09-04 | 7.6 High |
| Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15 | ||||
| CVE-2024-7927 | 1 Zzcms | 1 Zzcms | 2024-09-04 | 7.3 High |
| A vulnerability classified as critical was found in ZZCMS 2023. Affected by this vulnerability is an unknown functionality of the file /admin/class.php?dowhat=modifyclass. The manipulation of the argument skin[] leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7926 | 1 Zzcms | 1 Zzcms | 2024-09-04 | 7.3 High |
| A vulnerability classified as critical has been found in ZZCMS 2023. Affected is an unknown function of the file /admin/about_edit.php?action=modify. The manipulation of the argument skin leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-39776 | 2 Avtec, Avtecinc | 5 Outpost 0810, Outpost Uploader Utility, Outpost 0810 and 2 more | 2024-09-04 | 7.5 High |
| Avtec Outpost stores sensitive information in an insecure location without proper access controls in place. | ||||
| CVE-2024-42418 | 2 Avtec, Avtecinc | 5 Outpost 0810, Outpost Uploader Utility, Outpost 0810 and 2 more | 2024-09-04 | 7.5 High |
| Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information. | ||||
| CVE-2024-45048 | 2 Phpoffice, Phpspreadsheet Project | 2 Phpspreadsheet, Phpspreadsheet | 2024-09-04 | 8.8 High |
| PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions are subject to a bypassing of a filter which allows for an XXE-attack. This in turn allows attacker to obtain contents of local files, even if error reporting is muted. This vulnerability has been addressed in release version 2.2.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-8327 | 2 Easy Test Online Learning And Testing Platform Project, Hwa Jiuh Digital Technology | 2 Easy Test Online Learning And Testing Platform, Easy Test Online Learning And Testing Platform | 2024-09-04 | 8.8 High |
| Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2024-38386 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2024-09-04 | 8.4 High |
| in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. | ||||
| CVE-2024-8343 | 2 Oretnom23, Sourcecodester | 2 Sentiment Based Movie Rating System, Sentiment Based Movie Rating System | 2024-09-04 | 7.3 High |
| A vulnerability, which was classified as critical, was found in SourceCodester Sentiment Based Movie Rating System 1.0. Affected is an unknown function of the file /classes/Users.php?f=save_client of the component User Registration Handler. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-39816 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2024-09-04 | 8.4 High |
| in OpenHarmony v4.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. | ||||
| CVE-2024-41157 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2024-09-04 | 8.8 High |
| in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free. | ||||
| CVE-2024-8004 | 2 3ds, Dassault | 4 3dexperience Enovia, 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023 and 1 more | 2024-09-04 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2024-7938 | 2 3ds, Dassault | 3 3dexperience, 3dswymer 3dexperience 2023, 3dswymer 3dexperience 2024 | 2024-09-04 | 8.7 High |
| A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | ||||
| CVE-2024-6672 | 1 Progress | 2 Whatsup Gold, Whatsupgold | 2024-09-04 | 8.8 High |
| In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password. | ||||
| CVE-2024-6716 | 2024-09-04 | 7.5 High | ||
| Invalid security issue. | ||||
| CVE-2024-43921 | 1 Magic-post-thumbnail | 1 Magic Post Thumbnail | 2024-09-04 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Magic Post Thumbnail allows Reflected XSS.This issue affects Magic Post Thumbnail: from n/a through 5.2.9. | ||||
| CVE-2024-43776 | 2 Easytest, Huaju | 2 Easytest Online Test Platform, Easytest Online Learning Test Platform | 2024-09-04 | 8.8 High |
| SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter. | ||||