Search Results

There are 229,239 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2024-30594

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceMac parameter of the addWifiMacFilter function.

Published: March 28, 2024; 9:15:48 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30593

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability located in the deviceName parameter of the formSetDeviceName function.

Published: March 28, 2024; 9:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29896

Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the CSP headers generation feature might be "allow-listing" malicious injected resources like inlined JS, or references to external malicious scripts. The fix is available in version 1.3.0.

Published: March 28, 2024; 9:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-27775

SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash

Published: March 28, 2024; 9:15:47 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30595

Tenda FH1202 v1.2.0.14(408) has a stack overflow vulnerability in the deviceId parameter of the addWifiMacFilter function.

Published: March 28, 2024; 8:15:53 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30422

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.1.

Published: March 28, 2024; 5:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-30421

Cross-Site Request Forgery (CSRF) vulnerability in Pixelite Events Manager. This issue affects Events Manager: from n/a through 6.4.7.1.

Published: March 28, 2024; 5:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2818

An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. It was possible for an attacker to cause a denial of service using malicious crafted description parameter for labels.

Published: March 28, 2024; 4:15:26 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-6371

An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf of victims.

Published: March 28, 2024; 4:15:26 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2023-52628

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean the remainder of the register in case ->len is NOT a multiple of the register size, so make it conditional just like nft_payload.c does. The bug was added in 4.1 cycle and then copied/inherited when tcp/sctp and ip option support was added. Bug reported by Zero Day Initiative project (ZDI-CAN-21950, ZDI-CAN-21951, ZDI-CAN-21961).

Published: March 28, 2024; 4:15:25 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-2890

Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations. This issue affects Tumult Hype Animations: from n/a through 1.9.12.

Published: March 28, 2024; 3:16:13 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29241

Missing authorization vulnerability in System webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to bypass security constraints via unspecified vectors.

Published: March 28, 2024; 3:16:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29240

Missing authorization vulnerability in LayoutSave webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.

Published: March 28, 2024; 3:16:11 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29239

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29238

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29237

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29236

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29235

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29234

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:06 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2024-29233

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to inject SQL commands via unspecified vectors.

Published: March 28, 2024; 3:16:06 AM -0400
V3.x:(not available)
V2.0:(not available)