Search Results (74723 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21537 | 1 Antonk52 | 1 Lilconfig | 2024-11-01 | 8.8 High |
| Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function. | ||||
| CVE-2024-37573 | 1 Talkatone | 1 Talkatone | 2024-11-01 | 8.4 High |
| The Talkatone com.talkatone.android application 8.4.6 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.talkatone.vedroid.ui.launcher.OutgoingCallInterceptor component. | ||||
| CVE-2024-36060 | 1 Engeniustech | 1 Enstation5-ac Firmware | 2024-11-01 | 8.8 High |
| EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test parameters. | ||||
| CVE-2024-0128 | 1 Nvidia | 2 Cloud Gaming Virtual Gpu, Virtual Gpu Manager | 2024-11-01 | 7.1 High |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges. | ||||
| CVE-2024-0127 | 1 Nvidia | 2 Cloud Gaming Virtual Gpu, Virtual Gpu Manager | 2024-11-01 | 7.8 High |
| NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. | ||||
| CVE-2024-0126 | 1 Nvidia | 3 Cloud Gaming Virtual Gpu, Gpu Display Driver, Virtual Gpu Manager | 2024-11-01 | 8.2 High |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-49643 | 1 Abdullahirfan | 1 Whitelist | 2024-10-31 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan Whitelist allows Reflected XSS. This issue affects Whitelist: from n/a through 3.5. | ||||
| CVE-2024-49645 | 1 Soft-master | 1 Affiliate Platform | 2024-10-31 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ilias Gomatos Affiliate Platform allows Reflected XSS. This issue affects Affiliate Platform: from n/a through 1.4.8. | ||||
| CVE-2024-47640 | 1 Wedevs | 1 Wp Erp | 2024-10-31 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs WP ERP allows Reflected XSS. This issue affects WP ERP: from n/a through 1.13.2. | ||||
| CVE-2022-30358 | 1 Ovaledge | 1 Ovaledge | 2024-10-31 | 8.8 High |
| OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required. | ||||
| CVE-2024-49632 | 1 Coralwebdesign | 1 Cwd 3d Image Gallery | 2024-10-31 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Coral Web Design CWD 3D Image Gallery allows Reflected XSS. This issue affects CWD 3D Image Gallery: from n/a through 1.0. | ||||
| CVE-2022-30356 | 1 Ovaledge | 1 Ovaledge | 2024-10-31 | 8.8 High |
| OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters. Authentication is required with OE_ADMIN role privilege. | ||||
| CVE-2024-49634 | 1 Rimonhabib | 1 Bp Member Type Manager | 2024-10-31 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rimon Habib BP Member Type Manager allows Reflected XSS. This issue affects BP Member Type Manager: from n/a through 1.01. | ||||
| CVE-2024-49641 | 1 Tidaweb | 1 Tida Url Screenshot | 2024-10-31 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tidaweb Tida URL Screenshot allows Reflected XSS. This issue affects Tida URL Screenshot: from n/a through 1.0. | ||||
| CVE-2024-49639 | 1 Edwardstoever | 1 Monitor.chat | 2024-10-31 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Edward Stoever Monitor.Chat allows Reflected XSS. This issue affects Monitor.Chat: from n/a through 1.1.1. | ||||
| CVE-2024-49638 | 1 Aliazlan | 1 Risk Warning Bar | 2024-10-31 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ali Azlan Risk Warning Bar allows Reflected XSS. This issue affects Risk Warning Bar: from n/a through 1.0. | ||||
| CVE-2024-7783 | 2 Miniplex Labs, Mintplexlabs | 2 Miniplex Labs/anything Lim, Anythingllm | 2024-10-31 | 7.5 High |
| mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of sensitive information poses significant security risks, as an attacker who gains access to the JWT can easily decode it and retrieve the password. The issue is fixed in version 1.0.3. | ||||
| CVE-2024-48227 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 7.5 High |
| Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS). | ||||
| CVE-2024-48224 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 7.5 High |
| Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile. | ||||
| CVE-2024-49635 | 2 Manzurul Haque, Manzurulhaque | 2 Banner Slider, Banner Slider | 2024-10-31 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manzurul Haque Banner Slider allows Reflected XSS. This issue affects Banner Slider: from n/a through 2.1. | ||||