U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.


The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-38877 - A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Produc... read CVE-2024-38877
    Published: August 02, 2024; 7:16:41 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-38879 - A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the pu... read CVE-2024-38879
    Published: August 02, 2024; 7:16:42 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-6128 - A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipulation of the argument quantity with the input ... read CVE-2024-6128
    Published: June 18, 2024; 5:15:56 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2023-36684 - Missing Authorization vulnerability in Brainstorm Force Convert Pro.This issue affects Convert Pro: from n/a through 1.7.5.
    Published: June 19, 2024; 10:15:12 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-36676 - Missing Authorization vulnerability in Brainstorm Force Spectra.This issue affects Spectra: from n/a through 2.6.6.
    Published: June 19, 2024; 10:15:11 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-6941 - A vulnerability, which was classified as problematic, has been found in ThinkSAAS 3.7.0. This issue affects some unknown processing of the file app/system/action/do.php. The manipulation of the argument site_title/site_subtitle/site_key/site_desc/... read CVE-2024-6941
    Published: July 21, 2024; 2:15:05 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-6942 - A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phon... read CVE-2024-6942
    Published: July 21, 2024; 3:15:05 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-6939 - A vulnerability was found in Xinhu RockOA 2.6.3 and classified as problematic. Affected by this issue is the function okla of the file /webmain/public/upload/tpl_upload.html. The manipulation of the argument callback leads to cross site scripting.... read CVE-2024-6939
    Published: July 21, 2024; 1:15:04 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-6943 - A vulnerability has been found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this vulnerability is the function downloadImage of the file app/services/product/product/CopyTaobaoServices.php. The manipulation leads to d... read CVE-2024-6943
    Published: July 21, 2024; 3:15:06 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-6944 - A vulnerability was found in ZhongBangKeJi CRMEB up to 5.4.0 and classified as critical. Affected by this issue is the function get_image_base64 of the file PublicController.php. The manipulation of the argument file leads to deserialization. The ... read CVE-2024-6944
    Published: July 21, 2024; 4:15:06 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-8875 - A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be laun... read CVE-2024-8875
    Published: September 15, 2024; 6:15:09 PM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2024-8752 - The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system.
    Published: September 16, 2024; 12:15:14 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-46958 - In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.
    Published: September 15, 2024; 10:15:01 PM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2024-45595 - D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1 where the "Custom Filter" in... read CVE-2024-45595
    Published: September 10, 2024; 12:15:21 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-45593 - Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix ... read CVE-2024-45593
    Published: September 10, 2024; 12:15:21 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-45592 - auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because `%source_lab... read CVE-2024-45592
    Published: September 10, 2024; 12:15:21 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-45591 - XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version num... read CVE-2024-45591
    Published: September 10, 2024; 12:15:21 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2024-31490 - An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 allows attacker to information disclosure via HTTP... read CVE-2024-31490
    Published: September 10, 2024; 11:15:15 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-33508 - An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute limited and tempora... read CVE-2024-33508
    Published: September 10, 2024; 11:15:16 AM -0400

    V3.1: 7.3 HIGH

  • CVE-2024-35282 - A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may allow an unauthenticated attacker that has ph... read CVE-2024-35282
    Published: September 10, 2024; 11:15:16 AM -0400

    V3.1: 4.6 MEDIUM

Created September 20, 2022 , Updated August 27, 2024