Export limit exceeded: 74688 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74688 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8040 | 2024-10-16 | 7.7 High | ||
| An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an authenticated attacker to access some unauthorized data. | ||||
| CVE-2024-47645 | 1 Sajidjaved | 1 Top Bar-popups-by Wpoptin | 2024-10-16 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sajid Javed Top Bar – PopUps – by WPOptin allows PHP Local File Inclusion.This issue affects Top Bar – PopUps – by WPOptin: from n/a through 2.0.1. | ||||
| CVE-2024-47637 | 1 Litespeed Technologies | 1 Litespeed Cache | 2024-10-16 | 8.8 High |
| : Relative Path Traversal vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Path Traversal.This issue affects LiteSpeed Cache: from n/a through 6.4.1. | ||||
| CVE-2024-49227 | 1 Innovawebspzoo | 1 Free Stock Photos Foter | 2024-10-16 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Innovaweb Sp. Z o.O. Free Stock Photos Foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through 1.5.4. | ||||
| CVE-2024-47351 | 1 Thecssigniterteam | 1 Maxslider | 2024-10-16 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The CSSIgniter Team MaxSlider allows Path Traversal.This issue affects MaxSlider: from n/a through 1.2.3. | ||||
| CVE-2024-49253 | 1 James Park | 1 Analyse Uploads | 2024-10-16 | 8.6 High |
| Relative Path Traversal vulnerability in James Park Analyse Uploads allows Relative Path Traversal.This issue affects Analyse Uploads: from n/a through 0.5. | ||||
| CVE-2024-49251 | 1 Maantheme | 1 Maan Addons For Elementor | 2024-10-16 | 7.5 High |
| : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Maantheme Maan Addons For Elementor allows Local Code Inclusion.This issue affects Maan Addons For Elementor: from n/a through 1.0.1. | ||||
| CVE-2024-49245 | 1 Ahime | 1 Ahime Image Printer | 2024-10-16 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ahime Ahime Image Printer.This issue affects Ahime Image Printer: from n/a through 1.0.0. | ||||
| CVE-2024-48029 | 1 Hung Trang Si | 1 Sb Random Posts Widget | 2024-10-16 | 7.5 High |
| : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hung Trang Si SB Random Posts Widget allows PHP Local File Inclusion.This issue affects SB Random Posts Widget: from n/a through 1.0. | ||||
| CVE-2024-49226 | 1 Taketin | 1 Taketin To Wp Membership | 2024-10-16 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in TAKETIN TAKETIN To WP Membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through 2.8.0. | ||||
| CVE-2020-36839 | 2024-10-16 | 8.3 High | ||
| The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions, such as adding pages to the site and/or replacing site content with malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-22650 | 1 Suse | 1 Rancher | 2024-10-16 | 8.8 High |
| A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s tokens still usable. | ||||
| CVE-2024-22030 | 1 Suse | 1 Rancher | 2024-10-16 | 8 High |
| A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL. | ||||
| CVE-2023-32193 | 1 Rancher | 1 Norman | 2024-10-16 | 8.3 High |
| A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. | ||||
| CVE-2024-47841 | 1 Wikimedia | 2 Mediawiki-extensions-css, Wikimedia-extensions-css | 2024-10-16 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9. | ||||
| CVE-2024-9785 | 2 D-link, Dlink | 3 Dir-619l B1, Dir-619l, Dir-619l Firmware | 2024-10-16 | 8.8 High |
| A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9786 | 2 D-link, Dlink | 3 Dir-619l B1, Dir-619l, Dir-619l Firmware | 2024-10-16 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9910 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2024-10-16 | 8.8 High |
| A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9911 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2024-10-16 | 8.8 High |
| A vulnerability was found in D-Link DIR-619L B1 2.06. It has been classified as critical. This affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9912 | 2 D-link, Dlink | 3 202l, Dir-619l, Dir-619l Firmware | 2024-10-16 | 8.8 High |
| A vulnerability was found in D-Link DIR-619L B1 2.06. It has been declared as critical. This vulnerability affects the function formSetQoS of the file /goform/formSetQoS. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||