U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 229,155 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2024-30595

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function.

Published: March 28, 2024; 8:15:53 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30422

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.13.1.

Published: March 28, 2024; 5:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30421

Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.7.1.

Published: March 28, 2024; 5:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2818

An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using malicious crafted description parameter for labels.

Published: March 28, 2024; 4:15:26 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-6371

An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.

Published: March 28, 2024; 4:15:26 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-52628

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean the remainder of the register in case ->len is NOT a multiple of the register size, so make it conditional just like nft_payload.c does. The bug was added in 4.1 cycle and then copied/inherited when tcp/sctp and ip option support was added. Bug reported by Zero Day Initiative project (ZDI-CAN-21950, ZDI-CAN-21951, ZDI-CAN-21961).

Published: March 28, 2024; 4:15:25 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2890

Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations.This issue affects Tumult Hype Animations: from n/a through 1.9.12.

Published: March 28, 2024; 3:16:13 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29241

Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.

Published: March 28, 2024; 3:16:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29240

Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.

Published: March 28, 2024; 3:16:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29239

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29238

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29237

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29236

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29235

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29234

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:06 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29233

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:06 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29232

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:05 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29231

Improper validation of array index vulnerability in UserPrivilege.Enum webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.

Published: March 28, 2024; 3:16:04 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29230

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:03 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29229

Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors.

Published: March 28, 2024; 3:16:02 AM -0400
V3.x:(not available)
V2.0:(not available)