Vulnerabilities (CVE)

Total 239404 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-21502 2024-02-24 N/A 7.5 HIGH
Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability.
CVE-2024-21501 2024-02-24 N/A 5.3 MEDIUM
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.
CVE-2024-1810 2024-02-24 N/A 6.1 MEDIUM
The Archivist – Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘shortcode_attributes' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-22395 2024-02-24 N/A 6.3 MEDIUM
Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.
CVE-2024-26192 2024-02-23 N/A 8.2 HIGH
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-26188 2024-02-23 N/A 4.3 MEDIUM
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2024-25469 2024-02-23 N/A N/A
SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.
CVE-2024-24681 2024-02-23 N/A N/A
Insecure AES key in Yealink Configuration Encrypt Tool below verrsion 1.2. A single, vendorwide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents.
CVE-2024-22988 2024-02-23 N/A N/A
An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component.
CVE-2024-27133 2024-02-23 N/A 7.5 HIGH
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.
CVE-2024-27132 2024-02-23 N/A 7.5 HIGH
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.
CVE-2024-25730 2024-02-23 N/A N/A
Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities).
CVE-2024-24310 2024-02-23 N/A N/A
In the module "Generate barcode on invoice / delivery slip" (ecgeneratebarcode) from Ether Creation <= 1.2.0 for PrestaShop, a guest can perform SQL injection.
CVE-2024-24309 2024-02-23 N/A N/A
In the module "Survey TMA" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction.
CVE-2024-21423 2024-02-23 N/A 4.8 MEDIUM
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2021-44457 2024-02-23 N/A N/A
CVE-2021-43351 2024-02-23 N/A N/A
CVE-2021-41860 2024-02-23 N/A N/A
CVE-2021-41859 2024-02-23 N/A N/A
CVE-2021-41858 2024-02-23 N/A N/A