The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
- CVE-2024-41858 - InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that...
  Published: August 14, 2024; 5:15:12 AM -0400
  V3.1: 7.8 HIGH
- CVE-2024-39322 - aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configurati...
  Published: July 02, 2024; 5:15:10 PM -0400
  V3.1: 5.5 MEDIUM
- CVE-2024-22524 - dnspod-sr 0dfbd37 is vulnerable to buffer overflow.
  Published: June 06, 2024; 6:15:10 PM -0400
  V3.1: 5.5 MEDIUM
- CVE-2024-22525 - dnspod-sr 0dfbd37 contains a SEGV.
  Published: June 06, 2024; 6:15:10 PM -0400
  V3.1: 5.5 MEDIUM
- CVE-2024-2288 - A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attacke...
  Published: June 06, 2024; 3:15:54 PM -0400
  V3.1: 8.3 HIGH
- CVE-2024-3104 - A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environment variables via the `POST /api/system/update-en...
  Published: June 06, 2024; 2:15:17 PM -0400
  V3.1: 9.8 CRITICAL
- CVE-2024-3408 - man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to for...
  Published: June 06, 2024; 3:16:01 PM -0400
  V3.1: 9.8 CRITICAL
- CVE-2024-3110 - A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize an...
  Published: June 06, 2024; 3:15:59 PM -0400
  V3.1: 8.7 HIGH
- CVE-2024-22326 - IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Fo...
  Published: June 06, 2024; 3:15:52 PM -0400
  V3.1: 6.3 MEDIUM
- CVE-2024-37154 - Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via `ClawbackVestingAccount`. This affects 18.1.0 an...
  Published: June 06, 2024; 3:15:58 PM -0400
  V3.1: 5.3 MEDIUM
- CVE-2024-24880 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Stored XSS. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.2.
  Published: February 08, 2024; 7:15:56 AM -0500
  V3.1: 5.4 MEDIUM
- CVE-2024-37153 - Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the...
  Published: June 06, 2024; 3:15:58 PM -0400
  V3.1: 7.5 HIGH
- CVE-2024-24879 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS. This issue affects Link Library: from n/a through 7.5.13.
  Published: February 08, 2024; 7:15:55 AM -0500
  V3.1: 6.1 MEDIUM
- CVE-2024-36735 - OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is floating.
  Published: June 06, 2024; 3:15:58 PM -0400
  V3.1: 5.3 MEDIUM
- CVE-2024-9974 - A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=add_to_card of the component POST Request Handler. T...
  Published: October 15, 2024; 6:15:04 AM -0400
  V3.1: 9.8 CRITICAL
- CVE-2024-9973 - A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=reports of the component Report Viewing Page. The manipulation of the argument date l...
  Published: October 15, 2024; 6:15:04 AM -0400
  V3.1: 9.8 CRITICAL
- CVE-2024-36730 - Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter.
  Published: June 06, 2024; 3:15:57 PM -0400
  V3.1: 7.5 HIGH
- CVE-2024-9813 - A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0. This issue affects some unknown processing of the file product/register.php. The manipulation of the argument category leads to sql injec...
  Published: October 10, 2024; 5:15:05 PM -0400
  V3.1: 9.8 CRITICAL
- CVE-2024-9812 - A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated r...
  Published: October 10, 2024; 5:15:05 PM -0400
  V3.1: 9.8 CRITICAL
- CVE-2024-9811 - A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. This affects an unknown part of the file filter3.php. The manipulation of the argument company leads to sql injection. It is possible to init...
  Published: October 10, 2024; 5:15:05 PM -0400
  V3.1: 9.8 CRITICAL