Total
258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-6907 | 1 Jkev | 1 Record Management System | 2024-07-30 | 4.0 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file sort.php. The manipulation of the argument sort leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271932. | |||||
| CVE-2024-41804 | 2024-07-30 | N/A | 6.5 MEDIUM | ||
| Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API route inside the CMS responsible for Adding/Editing DataSet Column Formulas. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `formula` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. | |||||
| CVE-2024-41803 | 2024-07-30 | N/A | 4.9 MEDIUM | ||
| Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain arbitrary data from the Xibo database by injecting specially crafted values in to the API for viewing DataSet data. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. | |||||
| CVE-2024-41802 | 2024-07-30 | N/A | 8.1 HIGH | ||
| Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the APIs for importing JSON and importing a Layout containing DataSet data. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue | |||||
| CVE-2024-34149 | 2024-07-30 | N/A | N/A | ||
| In Bitcoin Core through 27.0 and Bitcoin Knots before 25.1.knots20231115, tapscript lacks a policy size limit check, a different issue than CVE-2023-50428. NOTE: some parties oppose this new limit check (for example, because they agree with the objective but disagree with the technical mechanism, or because they have a different objective). | |||||
| CVE-2023-45935 | 2024-07-30 | N/A | N/A | ||
| Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server. | |||||
| CVE-2021-39613 | 1 Dlink | 2 Dvg-3104ms, Dvg-3104ms Firmware | 2024-07-30 | 5.0 MEDIUM | 9.8 CRITICAL |
| D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2024-24621 | 1 Softaculous | 1 Webuzo | 2024-07-30 | 10.0 HIGH | 9.8 CRITICAL |
| Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user. | |||||
| CVE-2024-24622 | 1 Softaculous | 1 Webuzo | 2024-07-30 | 9.0 HIGH | 8.8 HIGH |
| Softaculous Webuzo contains a command injection in the password reset functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. | |||||
| CVE-2024-38103 | 1 Microsoft | 1 Edge | 2024-07-30 | N/A | 5.9 MEDIUM |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
| CVE-2024-24623 | 1 Softaculous | 1 Webuzo | 2024-07-30 | 9.0 HIGH | 8.8 HIGH |
| Softaculous Webuzo contains a command injection vulnerability in the FTP management functionality. A remote, authenticated attacker can exploit this vulnerability to gain code execution on the system. | |||||
| CVE-2024-5217 | 1 Servicenow | 1 Servicenow | 2024-07-30 | N/A | 9.8 CRITICAL |
| ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible. | |||||
| CVE-2024-4188 | 2024-07-30 | N/A | N/A | ||
| Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4. | |||||
| CVE-2024-41109 | 2024-07-30 | N/A | 6.3 MEDIUM | ||
| Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Navigating to `/admin/index/statistics` with a logged in Pimcore user exposes information about the Pimcore installation, PHP version, MYSQL version, installed bundles and all database tables and their row count in the system. This vulnerability is fixed in 1.5.2, 1.4.6, and 1.3.10. | |||||
| CVE-2024-40800 | 2024-07-30 | N/A | N/A | ||
| An input validation issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system. | |||||
| CVE-2024-39320 | 2024-07-30 | N/A | 6.1 MEDIUM | ||
| Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5. | |||||
| CVE-2024-37299 | 2024-07-30 | N/A | 4.9 MEDIUM | ||
| Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, crafting requests to submit very long tag group names can reduce the availability of a Discourse instance. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5. | |||||
| CVE-2024-37165 | 2024-07-30 | N/A | 6.3 MEDIUM | ||
| Discourse is an open source discussion platform. Prior to 3.2.3 and 3.3.0.beta3, improperly sanitized Onebox data could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. This vulnerability is fixed in 3.2.3 and 3.3.0.beta3. | |||||
| CVE-2024-4879 | 1 Servicenow | 1 Servicenow | 2024-07-30 | N/A | 9.8 CRITICAL |
| ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible. | |||||
| CVE-2023-39016 | 1 Bbossgroups | 1 Bboss | 2024-07-30 | N/A | 9.8 CRITICAL |
| bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument. | |||||