Vulnerabilities (CVE)

Total 23421 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-24133 1 Atmail 1 Atmail 2024-02-16 N/A 9.8 CRITICAL
Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.
CVE-2004-0005 1 Gaim Project 1 Gaim 2024-02-16 7.5 HIGH 9.8 CRITICAL
Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.
CVE-2003-0356 1 Ethereal 1 Ethereal 2024-02-16 10.0 HIGH 9.8 CRITICAL
Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions.
CVE-2024-20719 1 Adobe 1 Commerce 2024-02-16 N/A 9.1 CRITICAL
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.
CVE-2024-20720 1 Adobe 1 Commerce 2024-02-16 N/A 9.1 CRITICAL
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.
CVE-2023-3457 1 Sanchitkmr 1 Shopping Website 2024-02-16 6.5 MEDIUM 9.8 CRITICAL
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232674 is the identifier assigned to this vulnerability.
CVE-2023-3458 1 Sanchitkmr 1 Shopping Website 2024-02-16 6.5 MEDIUM 9.8 CRITICAL
A vulnerability was found in SourceCodester Shopping Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file forgot-password.php. The manipulation of the argument contact leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232675.
CVE-2024-25220 1 Task Manager In Php With Source Code Project 1 Task Manager In Php With Source Code 2024-02-16 N/A 9.8 CRITICAL
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php.
CVE-2024-25222 1 Task Manager In Php With Source Code Project 1 Task Manager In Php With Source Code 2024-02-16 N/A 9.8 CRITICAL
Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php.
CVE-2024-21915 2024-02-16 N/A 9.0 CRITICAL
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable.
CVE-2022-48328 1 Misp 1 Misp 2024-02-16 N/A 9.8 CRITICAL
app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.
CVE-2003-1233 1 Pedestalsoftware 1 Integrity Protection Driver 2024-02-16 2.1 LOW 9.8 CRITICAL
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
CVE-2023-22515 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-02-16 N/A 9.8 CRITICAL
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
CVE-2001-1155 1 Freebsd 1 Freebsd 2024-02-16 7.5 HIGH 9.8 CRITICAL
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
CVE-2024-23742 1 Loom 1 Loom 2024-02-16 N/A 9.8 CRITICAL
An issue in Loom on macOS version 0.196.1 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings.
CVE-2024-23741 1 Hyper 1 Hyper 2024-02-16 N/A 9.8 CRITICAL
An issue in Hyper on macOS version 3.4.1 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings.
CVE-2024-23740 1 Getkap 1 Kap 2024-02-16 N/A 9.8 CRITICAL
An issue in Kap for macOS version 3.6.0 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings.
CVE-2024-23739 2 Apple, Discord 2 Macos, Discord 2024-02-16 N/A 9.8 CRITICAL
An issue in Discord for macOS version 0.0.291 and before allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings.
CVE-2024-23738 2 Apple, Postman 2 Macos, Postman 2024-02-16 N/A 9.8 CRITICAL
An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings.
CVE-2023-50643 1 Evernote 1 Evernote 2024-02-16 N/A 9.8 CRITICAL
An issue in Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments components.