VYPR

CVEs

100,097 total · page 665 of 2,002

  • CVE-2024-37890HigJun 17, 2024
    risk 0.42cvss 7.5epss 0.01

    ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3…

  • CVE-2024-37305HigJun 17, 2024
    risk 0.46cvss 8.2epss 0.00

    oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at…

  • CVE-2024-38449HigJun 17, 2024
    risk 0.50cvss 7.7epss 0.01

    A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read the content of files outside the scope of the application.

  • CVE-2024-37840HigJun 17, 2024
    risk 0.57cvss 8.8epss 0.01

    SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter.

  • CVE-2024-37795HigJun 17, 2024
    risk 0.49cvss 7.5epss 0.00

    A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the `set-logic` command with specific formatting errors.

  • CVE-2024-37794HigJun 17, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file.

  • CVE-2024-36973HigJun 17, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe() When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), callback function…

  • CVE-2024-36577HigJun 17, 2024
    risk 0.47cvss 8.3epss 0.00

    apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty.

  • CVE-2024-0397HigJun 17, 2024
    risk 0.41cvss 7.4epss 0.01

    A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are…

  • CVE-2024-4032HigJun 17, 2024
    risk 0.42cvss 7.5epss 0.01

    The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network,…

  • CVE-2024-36581HigJun 17, 2024
    risk 0.49cvss 7.6epss 0.01

    A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm.

  • CVE-2024-37848HigJun 17, 2024
    risk 0.55cvss 8.4epss 0.00

    SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admin_delete.php component.

  • CVE-2024-37621HigJun 17, 2024
    risk 0.47cvss 7.2epss 0.01

    StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php.

  • CVE-2024-36583HigJun 17, 2024
    risk 0.53cvss 8.1epss 0.01

    A Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an attacker to execute arbitrary code via @byondreal/accessor/index.

  • CVE-2024-5650HigJun 17, 2024
    risk 0.55cvss 8.5epss 0.00

    DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one,…

  • CVE-2024-6045HigJun 17, 2024
    risk 0.58cvss 8.8epss 0.06

    Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained…

  • CVE-2024-6043HigJun 17, 2024
    risk 0.48cvss 7.3epss 0.02

    A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack…

  • CVE-2024-6042HigJun 17, 2024
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be…

  • CVE-2024-38467HigJun 16, 2024
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API.

  • CVE-2024-38461HigJun 16, 2024
    risk 0.49cvss 7.5epss 0.00

    irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory.

  • CVE-2024-38459HigJun 16, 2024
    risk 0.44cvss 7.8epss 0.00

    langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444.

  • CVE-2024-38458HigJun 16, 2024
    risk 0.57cvss 8.8epss 0.01

    Xenforo before 2.2.16 allows code injection.

  • CVE-2024-38457HigJun 16, 2024
    risk 0.58cvss 8.8epss 0.07

    Xenforo before 2.2.16 allows CSRF.

  • CVE-2024-38440HigJun 16, 2024
    risk 0.49cvss 7.5epss 0.01

    Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0)…

  • CVE-2024-38427HigJun 16, 2024
    risk 0.57cvss 8.8epss 0.01

    In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning false.

  • CVE-2024-27275HigJun 15, 2024
    risk 0.48cvss 7.4epss 0.00

    IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to…

  • CVE-2024-6000HigJun 15, 2024
    risk 0.46cvss 7.1epss 0.01

    The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions up to, and including, 1.19.20. This makes it possible for authenticated…

  • CVE-2024-3813HigJun 15, 2024
    risk 0.57cvss 8.8epss 0.01

    The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above…

  • CVE-2024-2544HigJun 15, 2024
    risk 0.48cvss 7.4epss 0.00

    The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on all AJAX actions. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform multiple…

  • CVE-2023-6696HigJun 15, 2024
    risk 0.46cvss 8.1epss 0.00

    The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions…

  • CVE-2024-6003HigJun 14, 2024
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is…

  • CVE-2024-36600HigJun 14, 2024
    risk 0.00cvss 8.4epss 0.00

    Buffer Overflow Vulnerability in libcdio 2.2.0 (fixed in 2.3.0) allows an attacker to execute arbitrary code via a crafted ISO 9660 image file.

  • CVE-2024-36598HigJun 14, 2024
    risk 0.53cvss 8.1epss 0.01

    An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file.

  • CVE-2024-36597HigJun 14, 2024
    risk 0.57cvss 8.8epss 0.02

    Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.

  • CVE-2024-24320HigJun 14, 2024
    risk 0.58cvss 8.8epss 0.04

    Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function.

  • CVE-2024-37369HigJun 14, 2024
    risk 0.57cvss 8.8epss 0.00

    A privilege escalation vulnerability exists in the affected product. The vulnerability allows low-privilege users to edit scripts, bypassing Access Control Lists, and potentially gaining further access within the system.

  • CVE-2024-37882HigJun 14, 2024
    risk 0.00cvss 8.1epss 0.01

    Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise…

  • CVE-2024-37645HigJun 14, 2024
    risk 0.57cvss 8.8epss 0.01

    TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog .

  • CVE-2024-37643HigJun 14, 2024
    risk 0.57cvss 8.8epss 0.01

    TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth .

  • CVE-2024-37641HigJun 14, 2024
    risk 0.57cvss 8.8epss 0.01

    TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule

  • CVE-2024-37644HigJun 14, 2024
    risk 0.57cvss 8.8epss 0.00

    TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root.

  • CVE-2024-37368HigJun 14, 2024
    risk 0.49cvss 7.5epss 0.01

    A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. Due to the lack of proper authentication, this…

  • CVE-2024-37367HigJun 14, 2024
    risk 0.49cvss 7.5epss 0.01

    A user authentication vulnerability exists in the Rockwell Automation FactoryTalk® View SE v12. The vulnerability allows a user from a remote system with FTView to send a packet to the customer’s server to view an HMI project. This action is allowed without proper…

  • CVE-2024-37313HigJun 14, 2024
    risk 0.00cvss 7.3epss 0.00

    Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and…

  • CVE-2024-34694HigJun 14, 2024
    risk 0.46cvss 8.1epss 0.01

    LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for…

  • CVE-2024-33377HigJun 14, 2024
    risk 0.53cvss 8.1epss 0.00

    LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web page.

  • CVE-2024-37640HigJun 14, 2024
    risk 0.57cvss 8.8epss 0.01

    TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg.

  • CVE-2024-37639HigJun 14, 2024
    risk 0.57cvss 8.8epss 0.01

    TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules.

  • CVE-2024-2024HigJun 14, 2024
    risk 0.57cvss 8.8epss 0.03

    The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and…

  • CVE-2024-36459HigJun 14, 2024
    risk 0.55cvss epss 0.00

    A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.