Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38460 | 1 Sonarsource | 1 Sonarqube | 2025-03-13 | 4.9 Medium |
| In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc). | ||||
| CVE-2024-38345 | 1 Solaplugins | 1 Sola Testimonials | 2025-03-13 | 8.1 High |
| A cross-site request forgery vulnerability exists in Sola Testimonials versions prior to 3.0.0. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site. | ||||
| CVE-2024-37391 | 2 Microsoft, Proton | 2 Windows, Protonvpn | 2025-03-13 | 7.8 High |
| ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss. | ||||
| CVE-2024-37080 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-03-13 | 9.8 Critical |
| vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | ||||
| CVE-2024-36599 | 1 Aegon | 1 Life Insurance Management System | 2025-03-13 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php. | ||||
| CVE-2024-36450 | 1 Webmin | 1 Webmin | 2025-03-13 | 5.4 Medium |
| Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted. | ||||
| CVE-2024-36448 | 1 Apache | 1 Iotdb Workbench | 2025-03-13 | 7.3 High |
| ** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench. This issue affects Apache IoTDB Workbench: from 0.13.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-35537 | 1 Tvsmotor | 1 Tvs Connect | 2025-03-13 | 7.5 High |
| TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption. | ||||
| CVE-2024-35428 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-03-13 | 7.1 High |
| ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticated user can delete local files from the server which can lead to DoS. | ||||
| CVE-2024-33809 | 2025-03-13 | 6.5 Medium | ||
| PingCAP TiDB v7.5.1 was discovered to contain a buffer overflow vulnerability, which could lead to database crashes and denial of service attacks. | ||||
| CVE-2024-33687 | 1 Omron | 110 Nj-pa3001, Nj-pa3001 Firmware, Nj-pd3001 and 107 more | 2025-03-13 | 7.5 High |
| Insufficient verification of data authenticity issue exists in NJ Series CPU Unit all versions and NX Series CPU Unit all versions. If a user program in the affected product is altered, the product may not be able to detect the alteration. | ||||
| CVE-2024-2608 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-03-13 | 8.4 High |
| `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. | ||||
| CVE-2024-29779 | 1 Google | 1 Android | 2025-03-13 | 7.4 High |
| there is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-28430 | 1 Dedecms | 1 Dedecms | 2025-03-13 | 6.1 Medium |
| DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php. | ||||
| CVE-2024-27881 | 1 Apple | 1 Macos | 2025-03-13 | 5.3 Medium |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to access information about a user’s contacts. | ||||
| CVE-2024-27792 | 1 Apple | 1 Macos | 2025-03-13 | 5.5 Medium |
| This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data. | ||||
| CVE-2024-27448 | 1 Maildev | 1 Maildev | 2025-03-13 | 9.1 Critical |
| MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file. | ||||
| CVE-2024-27378 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2025-03-13 | 6 Medium |
| An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_cert(), there is no input validation check on len coming from userspace, which can lead to a heap over-read. | ||||
| CVE-2024-25572 | 1 Saturday Drive | 1 Ninja Forms | 2025-03-13 | 8.8 High |
| Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed. | ||||
| CVE-2024-21892 | 3 Linux, Nodejs, Redhat | 4 Linux Kernel, Node.js, Enterprise Linux and 1 more | 2025-03-13 | 7.8 High |
| On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the process's elevated privileges. | ||||