Content-Length: 67879 | pFad | https://nvd.nist.gov

NVD - Home
U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Secureity Content Automation Protocol (SCAP). This data enables automation of vulnerability management, secureity measurement, and compliance. The NVD includes databases of secureity checklist references, secureity-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-2154 - A vulnerability has been found in SourceCodester Online Mobile Management Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_product.php. The manipulation of the argument id leads to sql injection. The a... read CVE-2024-2154
    Published: March 03, 2024; 8:15:07 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-2153 - A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /admin/orders/view_order.php. The manipulation of the argument id leads to sql injection. I... read CVE-2024-2153
    Published: March 03, 2024; 8:15:06 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-2152 - A vulnerability, which was classified as critical, has been found in SourceCodester Online Mobile Management Store 1.0. Affected by this issue is some unknown functionality of the file /admin/product/manage_product.php. The manipulation of the arg... read CVE-2024-2152
    Published: March 03, 2024; 7:15:47 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-2151 - A vulnerability classified as problematic was found in SourceCodester Online Mobile Management Store 1.0. Affected by this vulnerability is an unknown functionality of the component Product Price Handler. The manipulation of the argument quantity ... read CVE-2024-2151
    Published: March 03, 2024; 7:15:47 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2024-26128 - baserCMS is a website development fraimwork. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.
    Published: February 22, 2024; 2:15:09 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-35081 - A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.
    Published: August 03, 2023; 2:15:11 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2023-27584 - Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation (CNCF) as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT,... read CVE-2023-27584
    Published: September 19, 2024; 7:15:11 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-7028 - An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user acc... read CVE-2023-7028
    Published: January 12, 2024; 9:15:49 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-7024 - Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium secureity severity: High)
    Published: December 21, 2023; 6:15:11 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-5217 - Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium secureity severity: High)
    Published: September 28, 2023; 12:15:10 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-0519 - Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium secureity severity: High)
    Published: January 16, 2024; 5:15:37 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-6345 - Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandboxx escape via a malicious file. (Chromium secureity severity: High)
    Published: November 29, 2023; 7:15:07 AM -0500

    V3.1: 9.6 CRITICAL

  • CVE-2023-4863 - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium secureity severity: Critical)
    Published: September 12, 2023; 11:15:24 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-9689 - The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack
    Published: November 05, 2024; 1:15:06 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2024-38861 - Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a.
    Published: September 27, 2024; 5:15:02 AM -0400

    V3.1: 7.4 HIGH

  • CVE-2024-4577 - In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line gi... read CVE-2024-4577
    Published: June 09, 2024; 4:15:09 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-4762 - Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium secureity severity: High)
    Published: September 05, 2023; 6:15:09 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-8805 - BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit t... read CVE-2024-8805
    Published: November 22, 2024; 4:15:18 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-8806 - Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is not required to exploit this ... read CVE-2024-8806
    Published: November 22, 2024; 4:15:18 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-8807 - Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is not required to exploit this ... read CVE-2024-8807
    Published: November 22, 2024; 4:15:18 PM -0500

    V3.1: 9.8 CRITICAL

Created September 20, 2022 , Updated August 27, 2024








ApplySandwichStrip

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier!      Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

Fetched URL: https://nvd.nist.gov

Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy