Export limit exceeded: 17153 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23905 | 1 Jenkins | 1 Red Hat Dependency Analytics | 2025-06-20 | 5.4 Medium |
| Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2024-23904 | 1 Jenkins | 1 Log Command | 2025-06-20 | 7.5 High |
| Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system. | ||||
| CVE-2024-23898 | 2 Jenkins, Redhat | 2 Jenkins, Ocp Tools | 2025-06-20 | 8.8 High |
| Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller. | ||||
| CVE-2024-23747 | 1 Modernasistemas | 1 Modernanet Hospital Management System 2024 | 2025-06-20 | 7.5 High |
| The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information. | ||||
| CVE-2024-23213 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2025-06-20 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution. | ||||
| CVE-2024-23183 | 1 Appleple | 1 A-blog Cms | 2025-06-20 | 5.4 Medium |
| Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser. | ||||
| CVE-2024-23181 | 1 Appleple | 1 A-blog Cms | 2025-06-20 | 6.1 Medium |
| Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser. | ||||
| CVE-2024-23032 | 1 Eyoucms | 1 Eyoucms | 2025-06-20 | 6.1 Medium |
| Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | ||||
| CVE-2024-22751 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2025-06-20 | 9.8 Critical |
| D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function. | ||||
| CVE-2024-22662 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-20 | 9.8 Critical |
| TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules | ||||
| CVE-2024-22660 | 1 Totolink | 2 A3700r, A3700r Firmware | 2025-06-20 | 9.8 Critical |
| TOTOLINK_A3700R_V9.1.2u.6165_20211012has a stack overflow vulnerability via setLanguageCfg | ||||
| CVE-2024-22648 | 1 Seopanel | 1 Seo Panel | 2025-06-20 | 5.3 Medium |
| A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment. | ||||
| CVE-2024-22635 | 1 Webcalendar Project | 1 Webcalendar | 2025-06-20 | 6.1 Medium |
| WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php. | ||||
| CVE-2024-22570 | 1 Njtech | 1 Greencms | 2025-06-20 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-22523 | 1 Fuwushe | 1 Ifair | 2025-06-20 | 7.5 High |
| Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and before, allows remote attackers to obtain sensitive information via uploadimage component. | ||||
| CVE-2024-22366 | 1 Yamaha | 10 Wlx202, Wlx202 Firmware, Wlx212 and 7 more | 2025-06-20 | 6.8 Medium |
| Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier. | ||||
| CVE-2024-21765 | 1 Cals-ed | 2 Electronic Delivery Check System, Electronic Delivery Item Inspection Support System | 2025-06-20 | 5.5 Medium |
| Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. | ||||
| CVE-2024-20013 | 2 Google, Mediatek | 58 Android, Mt6580, Mt6731 and 55 more | 2025-06-20 | 6.7 Medium |
| In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608. | ||||
| CVE-2024-20011 | 2 Google, Mediatek | 18 Android, Mt6985, Mt8127 and 15 more | 2025-06-20 | 9.8 Critical |
| In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146. | ||||
| CVE-2024-20009 | 2 Google, Mediatek | 34 Android, Mt6580, Mt6739 and 31 more | 2025-06-20 | 8.8 High |
| In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150. | ||||