Total: 286780 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2024-4469 | | | 2025-03-18 | 7.5 High | The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from conducting SSRF attacks via its ping functionality, which may be a problem in multisite configurations.
CVE-2024-49822 | 1 Ibm | 1 Qradar Advisor With Watson | 2025-03-18 | 4.1 Medium | IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVE-2024-49747 | | | 2025-03-18 | 9.8 Critical | In gatts_process_read_by_type_req of gatt_sr.cc, there is a possible out-of-bounds write due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-49737 | | | 2025-03-18 | 7.8 High | In applyTaskFragmentOperation of WindowOrganizerController.java, there is a possible way to launch arbitrary activities as the system UID due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-48125 | | | 2025-03-18 | 7.5 High | An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests.
CVE-2024-46598 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-18 | 7.5 High | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46590 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-18 | 7.5 High | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46583 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-18 | 7.5 High | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46556 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-18 | 7.5 High | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46555 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-03-18 | 7.5 High | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pb parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2024-46535 | 1 Jepass | 1 Jepass | 2025-03-18 | 9.8 Critical | Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at /homePortal/loadUserMsg.
CVE-2024-46274 | 2 Cute Png, Randygaul | 2 Cute Png, Cute Png | 2025-03-18 | 7.8 High | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_stored() function at cute_png.h.
CVE-2024-46267 | 2 Cute Png, Randygaul | 2 Cute Png, Cute Png | 2025-03-18 | 7.8 High | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_block() function at cute_png.h.
CVE-2024-43770 | | | 2025-03-18 | 8.8 High | In gatts_process_find_info of gatt_sr.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-40835 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-18 | 5.5 Medium | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, and macOS Sonoma 14.6. A shortcut may be able to use sensitive data with certain actions without prompting the user.
CVE-2024-40831 | 1 Apple | 1 Macos | 2025-03-18 | 5.5 Medium | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library.
CVE-2024-40347 | 1 Hyland | 1 Alfresco Content Services | 2025-03-18 | 6.1 Medium | A reflected cross-site scripting (XSS) vulnerability in Hyland Alfresco Platform 23.2.1-r96 allows attackers to execute arbitrary code in the context of a user's browser by injecting a crafted payload into the htmlid parameter.
CVE-2024-39248 | 1 Fikeulous | 1 Simpcms | 2025-03-18 | 5.4 Medium | A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php.
CVE-2024-38816 | 2 Redhat, Spring By Vmware Tanzu | 3 Apache Camel Spring Boot, Rhboac Hawtio, Spring Framework | 2025-03-18 | 7.5 High | Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. Specifically, an application is vulnerable when both of the following are true: (1) the web application uses RouterFunctions to serve static resources; (2) resource handling is explicitly configured with a FileSystemResource location. However, malicious requests are blocked and rejected when either of the following is true: (1) the Spring Security HTTP Firewall (https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html) is in use; (2) the application runs on Tomcat or Jetty.
CVE-2024-37675 | 1 Tessi | 1 Docubase | 2025-03-18 | 5.4 Medium | A cross-site scripting vulnerability in the Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the "sectionContent" parameter of the functionality for adding notes to an uploaded file.