Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-42008 | 1 Roundcube | 1 Webmail | 2025-03-13 | 9.3 Critical |
| A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header. | ||||
| CVE-2024-40521 | 1 Seacms | 1 Seacms | 2025-03-13 | 7.2 High |
| SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. | ||||
| CVE-2024-40478 | 1 Jayesh | 1 Online Exam System | 2025-03-13 | 5.4 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields | ||||
| CVE-2024-39251 | 1 Thunderobot | 1 Control Center | 2025-03-13 | 10 Critical |
| An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate privileges via sending crafted IOCTL requests. | ||||
| CVE-2024-39094 | 1 Friendica | 1 Friendica | 2025-03-13 | 5.4 Medium |
| Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters. | ||||
| CVE-2024-37279 | 1 Elastic | 1 Kibana | 2025-03-13 | 4.3 Medium |
| A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex queries. | ||||
| CVE-2024-35039 | 1 Idccms Project | 1 Idccms | 2025-03-13 | 3.8 Low |
| idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area. | ||||
| CVE-2024-33220 | 1 Asus | 1 Aisuite3 | 2025-03-13 | 8.8 High |
| An issue in the component AslO3_64.sys of ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | ||||
| CVE-2024-31783 | 2025-03-13 | 6.1 Medium | ||
| Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local attacker to obtain sensitive information via a crafted script during markdown file creation. | ||||
| CVE-2024-31332 | 1 Google | 1 Android | 2025-03-13 | 8.4 High |
| In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-29937 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2025-03-13 | 9.8 Critical |
| NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption. | ||||
| CVE-2024-29645 | 1 Radare | 1 Radare2 | 2025-03-13 | 7.8 High |
| Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function. | ||||
| CVE-2024-25801 | 1 Skinsoft | 1 S-museum | 2025-03-13 | 4.6 Medium |
| SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name (not the content) of a file. | ||||
| CVE-2024-23261 | 1 Apple | 1 Macos | 2025-03-13 | 7.5 High |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.4, macOS Ventura 13.6.8. An attacker may be able to read information belonging to another user. | ||||
| CVE-2024-22811 | 1 Tormach | 1 Pilotpath Controller | 2025-03-13 | 8.2 High |
| An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the Hostmot2 configuration cookie in the device memory. | ||||
| CVE-2024-21689 | 1 Atlassian | 3 Bamboo, Bamboo Data Center, Bamboo Server | 2025-03-13 | 8.0 High |
| This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.17 Bamboo Data Center and Server 9.6: Upgrade to a release greater than or equal to 9.6.5 See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center and Server from the download center ([https://www.atlassian.com/software/bamboo/download-archives]). This vulnerability was reported via our Bug Bounty program. | ||||
| CVE-2024-21584 | 1 Pleasanter | 1 Pleasanter | 2025-03-13 | 6.1 Medium |
| Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user. | ||||
| CVE-2024-21247 | 2 Oracle, Redhat | 4 Mysql, Mysql Client, Mysql Cluster and 1 more | 2025-03-13 | 3.8 Low |
| Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). | ||||
| CVE-2024-21230 | 2 Oracle, Redhat | 4 Mysql, Mysql Cluster, Mysql Server and 1 more | 2025-03-13 | 6.5 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2024-21219 | 2 Oracle, Redhat | 3 Mysql, Mysql Server, Enterprise Linux | 2025-03-13 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||