Total
3674 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-31022 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue discovered in CandyCMS version 1.0.0 allows remote attackers to execute arbitrary code via the install.php component. | |||||
CVE-2024-31013 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in emlog version Pro 2.3 allows remote attackers to execute arbitrary code via a crafted payload to the bottom of the homepage in the footer_info parameter. | |||||
CVE-2024-31011 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php. | |||||
CVE-2024-31003 | | | 2024-11-21 | N/A | N/A |
Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial at Ap4ByteStream.cpp. | |||||
CVE-2024-30973 | | | 2024-11-21 | N/A | 8.8 HIGH |
An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbitrary code and obtain sensitive information via crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc. | |||||
CVE-2024-30923 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering. | |||||
CVE-2024-30878 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive parameter. | |||||
CVE-2024-30868 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/add_getlogin.php. | |||||
CVE-2024-30858 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
netentsec NS-ASG 6.3 is vulnerable to SQL Injection via /admin/edit_fire_wall.php. | |||||
CVE-2024-30845 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Rainbow external link network disk v.5.5 allows a remote attacker to execute arbitrary code via the validation component of the input parameters. | |||||
CVE-2024-30568 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter. | |||||
CVE-2024-30567 | | | 2024-11-21 | N/A | 6.3 MEDIUM |
An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. | |||||
CVE-2024-30565 | | | 2024-11-21 | N/A | 8.8 HIGH |
An issue discovered in SeaCMS version 12.9 allows remote attackers to execute arbitrary code via admin notify.php. | |||||
CVE-2024-30202 | | | 2024-11-21 | N/A | 7.8 HIGH |
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. | |||||
CVE-2024-2610 | | | 2024-11-21 | N/A | 6.1 MEDIUM |
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | |||||
CVE-2024-2497 | | | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-2209 | | | 2024-11-21 | N/A | 6.3 MEDIUM |
A user with administrative privileges can create a compromised dll file of the same name as the original dll within the HP printer’s Firmware Update Utility (FUU) bundle and place it in the Microsoft Windows default downloads directory which can lead to potential arbitrary code execution. | |||||
CVE-2024-2195 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper restriction of user access to the `RunView` object allows for the execution of arbitrary code via the `query` parameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise. | |||||
CVE-2024-2097 | | | 2024-11-21 | N/A | 7.5 HIGH |
Authenticated List control client can execute the LINQ query in SCM Server to present event as list for operator. An authenticated malicious client can send special LINQ query to execute arbitrary code remotely (RCE) on the SCM Server that an attacker otherwise does not have authorization to do. | |||||
CVE-2024-2016 | | | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255270 is the identifier assigned to this vulnerability. |