Search Results
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-23463 | Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to 4.2.1. Published: April 30, 2024; 1:15:46 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-29320 | Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php. Published: April 30, 2024; 12:15:07 PM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-4340 | Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. Published: April 30, 2024; 11:15:53 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33465 | Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the thumb/thumb.php component. Published: April 30, 2024; 11:15:53 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33309 | An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. Published: April 30, 2024; 11:15:53 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33308 | An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. Published: April 30, 2024; 11:15:53 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33275 | SQL injection vulnerability in Webbax supernewsletter v.1.4.21 and before allows a remote attacker to escalate privileges via the Super Newsletter module in the product_search.php components. Published: April 30, 2024; 11:15:53 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33274 | Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php Published: April 30, 2024; 11:15:53 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33273 | SQL injection vulnerability in shipup before v.3.3.0 allows a remote attacker to escalate privileges via the getShopID function. Published: April 30, 2024; 11:15:53 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33270 | An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component. Published: April 30, 2024; 11:15:53 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-33267 | SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function. Published: April 30, 2024; 11:15:52 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-2877 | Vault Enterprise, when configured with performance standby nodes and a configured audit device, will inadvertently log request headers on the standby node. These logs may have included sensitive HTTP request information in cleartext. This vulnerability, CVE-2024-2877, was fixed in Vault Enterprise 1.15.8. Published: April 30, 2024; 11:15:52 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-28716 | An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component. Published: April 30, 2024; 11:15:52 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-25938 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. Published: April 30, 2024; 11:15:52 AM -0400 | V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-25648 | A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. Published: April 30, 2024; 11:15:52 AM -0400 | V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2024-25575 | A type confusion vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. Published: April 30, 2024; 11:15:52 AM -0400 | V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-45385 | ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels module. Published: April 30, 2024; 11:15:51 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2023-38002 | IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208. Published: April 30, 2024; 11:15:50 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-23774 | An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\SYSTEM privileges. Published: April 30, 2024; 10:15:15 AM -0400 | V3.x:(not available) V2.0:(not available) |
CVE-2024-23773 | An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\SYSTEM privileges. Published: April 30, 2024; 10:15:15 AM -0400 | V3.x:(not available) V2.0:(not available) |