Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-41112 1 Opengeos 1 Streamlit-geospatial 2024-11-21 9.8 Critical
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 380, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue.
CVE-2024-40520 1 Seacms 1 Seacms 2024-11-21 8.8 High
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
CVE-2024-40518 1 Seacms 1 Seacms 2024-11-21 7.2 High
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
CVE-2024-3959 1 Gitlab 1 Gitlab 2024-11-21 6.5 Medium
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any user.
CVE-2024-3454 1 Csa-iot 1 Matter 2024-11-21 3.5 Low
An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information.
CVE-2024-3297 1 Csa-iot 1 Matter 2024-11-21 6.5 Medium
An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1 allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive until the device is power-cycled.
CVE-2024-3175 1 Google 1 Chrome 2024-11-21 6.3 Medium
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2024-39807 1 Mattermost 1 Mattermost 2024-11-21 3.1 Low
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or restored channels.
CVE-2024-39740 1 Ibm 2 Datacap, Datacap Navigator 2024-11-21 4.3 Medium
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009.
CVE-2024-39729 1 Ibm 2 Datacap, Datacap Navigator 2024-11-21 4.3 Medium
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968.
CVE-2024-39674 1 Huawei 2 Emui, Harmonyos 2024-11-21 6.2 Medium
Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-39672 1 Huawei 2 Emui, Harmonyos 2024-11-21 8.4 High
Memory request logic vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect integrity and availability.
CVE-2024-39670 1 Huawei 2 Emui, Harmonyos 2024-11-21 6.2 Medium
Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-39593 1 Sap 1 Landscape Management 2024-11-21 6.9 Medium
SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities.
CVE-2024-39376 1 Markoni 4 Markoni-d \(compact\), Markoni-d \(compact\) Firmware, Markoni-dh \(exciter\+amplifiers\) and 1 more 2024-11-21 9.8 Critical
TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated permissions.
CVE-2024-39353 1 Mattermost 1 Mattermost 2024-11-21 2.7 Low
Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read message contents.
CVE-2024-39322 1 Aimeos Project 1 Ai-controller-frontend 2024-11-21 5.5 Medium
aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.
CVE-2024-39202 1 Dlink 3 Dir-823x Ax3000, Dir-823x Ax3000 Firmware, Dir-823x Firmware 2024-11-21 7.6 High
D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings.
CVE-2024-39028 1 Seacms 1 Seacms 2024-11-21 9.8 Critical
An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php.
CVE-2024-38462 1 Irods 1 Irods 2024-11-21 9.8 Critical
iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference.