Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52765 | 1 H3c | 2 Gr-1800ax, Gr-1800ax Firmware | 2025-03-13 | 9.8 Critical |
| H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. | ||||
| CVE-2024-49742 | 2025-03-13 | 7.8 High | ||
| In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app with notification access in Settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-48937 | 1 Znuny | 1 Znuny | 2025-03-13 | 6.1 Medium |
| Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed. | ||||
| CVE-2024-48903 | 1 Trend Micro Inc | 1 Deep Security Agent | 2025-03-13 | 7.8 High |
| An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2024-48288 | 1 Tp-link | 1 Tl-ipc42c Firmware | 2025-03-13 | 8 High |
| TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend. | ||||
| CVE-2024-46972 | 2025-03-13 | 7.8 High | ||
| Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. | ||||
| CVE-2024-46933 | 2025-03-13 | 7.7 High | ||
| An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMF_C4E 101.05.0014. Some BullSequana XH products were shipped without proper hardware programming, leading to a potential denial-of-service with privileged access. | ||||
| CVE-2024-44716 | 1 Dedebiz | 1 Dedebiz | 2025-03-13 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-43437 | 2025-03-13 | 5.4 Medium | ||
| A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files. | ||||
| CVE-2024-42947 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2025-03-13 | 9.8 Critical |
| An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request. | ||||
| CVE-2024-42399 | 2 Arubanetworks, Hp | 3 Arubaos, Instant, Instantos | 2025-03-13 | 5.3 Medium |
| Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected Access Point. | ||||
| CVE-2024-41258 | 1 Filestash | 1 Filestash | 2025-03-13 | 5.3 Medium |
| An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack. | ||||
| CVE-2024-40495 | 1 Linksys | 1 E2500 Firmware | 2025-03-13 | 8 High |
| A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. | ||||
| CVE-2024-40443 | 2025-03-13 | 4.3 Medium | ||
| SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php | ||||
| CVE-2024-3986 | 1 Themeboy | 1 Sportspress | 2025-03-13 | 4.8 Medium |
| The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-3168 | 1 Google | 1 Chrome | 2025-03-13 | 8.8 High |
| Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-39921 | 1 Fujitsu | 38 Ipcom Ex2 Dc 3200, Ipcom Ex2 Dc 3200 Firmware, Ipcom Ex2 Dc 3500 and 35 more | 2025-03-13 | 7.5 High |
| Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited, some of the encrypted communication may be decrypted by an attacker who can obtain the contents of the communication. | ||||
| CVE-2024-39126 | 1 Roundup-tracker | 1 Roundup | 2025-03-13 | 5.4 Medium |
| Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. | ||||
| CVE-2024-38471 | 1 Tp-link | 5 Archer Airr5 Firmware, Archer Ax3000 Firmware, Archer Ax5400 Firmware and 2 more | 2025-03-13 | 6.8 Medium |
| Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi. | ||||
| CVE-2024-37878 | 1 Twcms | 1 Twcms | 2025-03-13 | 6.1 Medium |
| Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via the /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php" PHP directly echoes parameters input from external sources | ||||