Total
258075 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45171 | 1 Liveboxcloud | 1 Vdesk | 2024-07-26 | N/A | 8.8 HIGH |
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions. | |||||
CVE-2023-7271 | 1 Huawei | 2 Emui, Harmonyos | 2024-07-26 | N/A | 5.5 MEDIUM |
Privilege escalation vulnerability in the NMS module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
CVE-2024-39304 | 2024-07-26 | N/A | 8.8 HIGH | ||
ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in in a GET request to `/GetText.php`. Version 5.9.2 patches the issue. | |||||
CVE-2024-38872 | 2024-07-26 | N/A | 8.3 HIGH | ||
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. | |||||
CVE-2024-38871 | 2024-07-26 | N/A | 8.3 HIGH | ||
Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. | |||||
CVE-2022-45176 | 1 Liveboxcloud | 1 Vdesk | 2024-07-26 | N/A | 5.4 MEDIUM |
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Stored Cross-site Scripting (XSS) can occur under the /api/v1/getbodyfile endpoint via the uri parameter. The web application (through its vShare functionality section) doesn't properly check parameters, sent in HTTP requests as input, before saving them on the server. In addition, crafted JavaScript content can then be reflected back to the end user and executed by the web browser. | |||||
CVE-2024-41813 | 2024-07-26 | N/A | 7.5 HIGH | ||
txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Starting in version 1.4.0 and prior to version 1.6.1, a Server-Side Request Forgery (SSRF) vulnerability in the `/proxy` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.6.1 patches the issue. | |||||
CVE-2024-41812 | 2024-07-26 | N/A | 7.5 HIGH | ||
txtdot is an HTTP proxy that parses only text, links, and pictures from pages, removing ads and heavy scripts. Prior to version 1.7.0, a Server-Side Request Forgery (SSRF) vulnerability in the `/get` route of txtdot allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network. Version 1.7.0 prevents displaying the response of forged requests, but the requests can still be sent. For complete mitigation, a firewall between txtdot and other internal network resources should be set. | |||||
CVE-2024-41375 | 2024-07-26 | N/A | N/A | ||
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/terminal-xhr.php | |||||
CVE-2024-41374 | 2024-07-26 | N/A | N/A | ||
ICEcoder 8.1 is vulnerable to Cross Site Scripting (XSS) via lib/settings-screen.php | |||||
CVE-2024-41373 | 2024-07-26 | N/A | N/A | ||
ICEcoder 8.1 contains a Path Traversal vulnerability via lib/backup-versions-preview-loader.php. | |||||
CVE-2024-41354 | 2024-07-26 | N/A | N/A | ||
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php | |||||
CVE-2024-41353 | 2024-07-26 | N/A | N/A | ||
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via app\admin\groups\edit-group.php | |||||
CVE-2024-27358 | 2024-07-26 | N/A | N/A | ||
An issue was discovered in WithSecure Elements Agent through 23.x for macOS and WithSecure Elements Client Security through 23.x for macOS. Local users can block an admin from completing an installation, aka a Denial-of-Service (DoS). | |||||
CVE-2024-27357 | 2024-07-26 | N/A | N/A | ||
An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins. | |||||
CVE-2024-26520 | 2024-07-26 | N/A | N/A | ||
An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets. | |||||
CVE-2024-24257 | 2024-07-26 | N/A | N/A | ||
An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component. | |||||
CVE-2023-50700 | 2024-07-26 | N/A | N/A | ||
Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method. | |||||
CVE-2024-7050 | 2024-07-26 | N/A | N/A | ||
Improper Authentication vulnerability in OpenText OpenText Directory Services may allow Multi-factor Authentication Bypass in particular scenarios.This issue affects OpenText Directory Services: 24.2. | |||||
CVE-2024-41807 | 2024-07-26 | N/A | N/A | ||
Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2023-4759. Reason: This record is a reservation duplicate of CVE-2023-4759. Notes: All CVE users should reference CVE-2023-4759 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. |