Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,503 matching · page 335/691Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2024-51527(opens NVD record) | Medium | 5.1 | Permission control vulnerability in the Gallery app Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 5, 2024 |
| CVE-2024-51526(opens NVD record) | High | 8.2 | Permission control vulnerability in the hidebug module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 5, 2024 |
| CVE-2024-51525(opens NVD record) | Medium | 6.2 | Permission control vulnerability in the clipboard module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 5, 2024 |
| CVE-2024-51524(opens NVD record) | Medium | 4.0 | Permission control vulnerability in the Wi-Fi module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 5, 2024 |
| CVE-2024-51523(opens NVD record) | High | 7.1 | Information management vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 5, 2024 |
| CVE-2024-51522(opens NVD record) | Medium | 6.2 | Vulnerability of improper device information processing in the device management module Impact: Successful exploitation of this vulnerability may affect availability. | Nov 5, 2024 |
| CVE-2024-51521(opens NVD record) | Medium | 5.7 | Input parameter verification vulnerability in the background service module Impact: Successful exploitation of this vulnerability may affect availability. | Nov 5, 2024 |
| CVE-2024-51520(opens NVD record) | Medium | 5.5 | Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability. | Nov 5, 2024 |
| CVE-2024-51519(opens NVD record) | Medium | 5.0 | Vulnerability of input parameters not being verified in the HDC module Impact: Successful exploitation of this vulnerability may affect availability. | Nov 5, 2024 |
| CVE-2024-51518(opens NVD record) | Medium | 5.3 | Vulnerability of message types not being verified in the advanced messaging modul Impact: Successful exploitation of this vulnerability may affect availability. | Nov 5, 2024 |
| CVE-2024-51517(opens NVD record) | Medium | 5.1 | Vulnerability of improper memory access in the phone service module Impact: Successful exploitation of this vulnerability may affect availability. | Nov 5, 2024 |
| CVE-2024-51516(opens NVD record) | Medium | 6.2 | Permission control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to function abnormally. | Nov 5, 2024 |
| CVE-2024-51515(opens NVD record) | Medium | 6.2 | Race condition vulnerability in the kernel network module Impact:Successful exploitation of this vulnerability may affect availability. | Nov 5, 2024 |
| CVE-2024-51514(opens NVD record) | Medium | 5.3 | Vulnerability of pop-up windows belonging to no app in the VPN module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 5, 2024 |
| CVE-2024-51513(opens NVD record) | Medium | 5.5 | Vulnerability of processes not being fully terminated in the VPN module Impact: Successful exploitation of this vulnerability will affect power consumption. | Nov 5, 2024 |
| CVE-2024-51512(opens NVD record) | Medium | 6.2 | Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability. | Nov 5, 2024 |
| CVE-2024-51511(opens NVD record) | Medium | 6.2 | Vulnerability of parameter type not being verified in the WantAgent module Impact: Successful exploitation of this vulnerability may affect availability. | Nov 5, 2024 |
| CVE-2024-51510(opens NVD record) | High | 7.6 | Out-of-bounds access vulnerability in the logo module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 5, 2024 |
| CVE-2024-9459(opens NVD record) | High | 8.3 | Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module. | Nov 5, 2024 |
| CVE-2024-45086(opens NVD record) | Medium | 5.5 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. | Nov 4, 2024 |
| CVE-2024-34891(opens NVD record) | Medium | 6.8 | Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request. | Nov 4, 2024 |
| CVE-2024-34885(opens NVD record) | Medium | 6.8 | Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request. | Nov 4, 2024 |
| CVE-2024-51127(opens NVD record) | High | 7.1 | An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information. | Nov 4, 2024 |
| CVE-2024-34887(opens NVD record) | Medium | 4.9 | Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request. | Nov 4, 2024 |
| CVE-2024-34883(opens NVD record) | Medium | 4.9 | Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request. | Nov 4, 2024 |
| CVE-2024-34882(opens NVD record) | Medium | 4.9 | Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request. | Nov 4, 2024 |
| CVE-2024-36485(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to SQL Injection in Technician reports option. | Nov 4, 2024 |
| CVE-2024-48878(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report. | Nov 4, 2024 |
| CVE-2024-9191(opens NVD record) | High | 7.1 | The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnerability was discovered via routine penetration testing. Note: A precondition of this vulnerability is that the user must be using the Okta Device Access passwordless feature. Okta Device Access users not using passwordless are not affected, and customers only using Okta Verify on platforms other than Windows, or only using FastPass are not affected. | Nov 1, 2024 |
| CVE-2024-48352(opens NVD record) | High | 7.5 | Yealink Meeting Server before V26.0.0.67 is vulnerable to sensitive data exposure in the server response via sending HTTP request with enterprise ID. | Nov 1, 2024 |
| CVE-2024-41745(opens NVD record) | Medium | 6.1 | IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Nov 1, 2024 |
| CVE-2024-41744(opens NVD record) | Medium | 6.5 | IBM CICS TX Standard 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | Nov 1, 2024 |
| CVE-2024-41741(opens NVD record) | Medium | 5.3 | IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system. | Nov 1, 2024 |
| CVE-2024-41738(opens NVD record) | Medium | 5.9 | IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques. | Nov 1, 2024 |
| CVE-2024-51066(opens NVD record) | High | 7.5 | An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers. | Oct 31, 2024 |
| CVE-2024-51065(opens NVD record) | Critical | 9.8 | Phpgurukul Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in admin/index.php via the the username parameter. | Oct 31, 2024 |
| CVE-2024-51064(opens NVD record) | Critical | 9.8 | Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection via the tid parameter to admin/queries.php. | Oct 31, 2024 |
| CVE-2024-51063(opens NVD record) | Critical | 9.1 | Phpgurukul Teachers Record Management System v2.1 is vulnerable to SQL Injection in add-teacher.php via the mobile number or email parameter. | Oct 31, 2024 |
| CVE-2024-51060(opens NVD record) | Critical | 9.1 | Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'a_id' parameter. | Oct 31, 2024 |
| CVE-2024-48735(opens NVD record) | High | 7.7 | Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized users. | Oct 30, 2024 |
| CVE-2024-48734(opens NVD record) | High | 8.8 | Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users. | Oct 30, 2024 |
| CVE-2024-48733(opens NVD record) | High | 8.8 | SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users. | Oct 30, 2024 |
| CVE-2024-9419(opens NVD record) | High | 7.8 | Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC. | Oct 30, 2024 |
| CVE-2024-9110(opens NVD record) | Medium | 6.4 | A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks. | Oct 30, 2024 |
| CVE-2024-9827(opens NVD record) | High | 7.8 | A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | Oct 29, 2024 |
| CVE-2024-9826(opens NVD record) | High | 7.8 | A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | Oct 29, 2024 |
| CVE-2024-8600(opens NVD record) | High | 7.8 | A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | Oct 29, 2024 |
| CVE-2024-8599(opens NVD record) | High | 7.8 | A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | Oct 29, 2024 |
| CVE-2024-8598(opens NVD record) | High | 7.8 | A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | Oct 29, 2024 |
| CVE-2024-8597(opens NVD record) | High | 7.8 | A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | Oct 29, 2024 |