Search and browse vulnerability records from NVD
Showing 50 of 42142 CVEs
| CVE ID | Severity | Description | EPSS | Published | |
|---|---|---|---|---|---|
| 7.8 HIGH |
Command injection vulnerability in Movistar 4G router affecting version ES_WLD71-T1_v2.0.201820. This vulnerability allows an authenticated user to execute commands inside the router by making a POST request to the URL '/cgi-bin/gui.cgi'. |
0.7% | 2024-03-13 | ||
| 8.8 HIGH |
The primary channel is unprotected on Movistar 4G router affecting E version S_WLD71-T1_v2.0.201820. This device has the 'adb' service open on port 5555 and provides access to a shell with root privileges. |
0.3% | 2024-03-13 | ||
| 7.2 HIGH |
The Ultimate Member β User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
26.7% | 2024-03-13 | ||
| 8.8 HIGH |
An unautheticated remote attacker could send specifically crafted packets to a affected device. If an authenticated user then views that data in a specific page of the web-based management a buffer overflow will be triggered to gain full access of the device. |
0.6% | 2024-03-13 | ||
| 7.5 HIGH |
The Post Grid Combo β 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts. |
0.6% | 2024-03-12 | ||
| 7.3 HIGH |
The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.14. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to generate and delete labels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
0.2% | 2024-03-12 | ||
| 7.2 HIGH |
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
0.6% | 2024-03-12 | ||
| 7.8 HIGH |
A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. |
0.3% | 2024-03-12 | ||
| 8.8 HIGH |
stimulus_reflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security implications. To invoke a reflex a websocket message of the following shape is sent: `\"target\":\"[class_name]#[method_name]\",\"args\":[]`. The server will proceed to instantiate `reflex` using the provided `class_name` as long as it extends `StimulusReflex::Reflex`. It then attempts to call `method_name` on the instance with the provided arguments. This is problematic as `reflex.method method_name` can be more methods that those explicitly specified by the developer in their reflex class. A good example is the instance_variable_set method. This vulnerability has been patched in versions 3.4.2 and 3.5.0.rc4. Users unable to upgrade should: see the backing GHSA advisory for mitigation advice. |
1.6% | 2024-03-12 | ||
| 8.2 HIGH |
A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability. |
0.2% | 2024-03-12 | ||
| 8.8 HIGH |
The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below. |
0.5% | 2024-03-12 | ||
|
CVE-2024-26169
KEV
|
7.8 HIGH |
Windows Error Reporting Service Elevation of Privilege Vulnerability |
4.0% | 2024-03-12 | |
| 8.4 HIGH |
In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution. |
0.5% | 2024-03-12 | ||
| 7.8 HIGH |
A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file.Β An attacker with local user privileges could exploit this vulnerability to replace the legitimate DFServ.exe service executable with a malicious file of the same name and located in a directory that has a higher priority than the legitimate directory.Β Thus, when the service starts, it will run the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain unauthorized access to the compromised system or stop the service from running. |
0.2% | 2024-03-12 | ||
| 7.5 HIGH |
The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers. The inclusion of invalidated data in an HTTP header allows an attacker to specify the full HTTP response represented by the browser. An attacker could control the response and craft attacks such as cross-site scripting and cache poisoning attacks. |
0.4% | 2024-03-12 | ||
| 7.5 HIGH |
A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet. This could allow an attacker on the same Modbus network to create a denial of service condition that forces the device to reboot. |
0.5% | 2024-03-12 | ||
| 7.5 HIGH |
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems improperly handles memory buffers when parsing X.509 certificates. This could allow an unauthenticated remote attacker to crash the network service. |
0.5% | 2024-03-12 | ||
| 7.5 HIGH |
A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x IP6 (All versions), Cerberus PRO EN Fire Panel FC72x IP7 (All versions), Cerberus PRO EN Fire Panel FC72x IP8 (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution IP7 (All versions), Cerberus PRO EN X200 Cloud Distribution IP8 (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution IP7 (All versions), Cerberus PRO EN X300 Cloud Distribution IP8 (All versions < V4.3.5617), Cerberus PRO UL Compact Panel FC922/924 (All versions < MP4), Cerberus PRO UL Engineering Tool (All versions < MP4), Cerberus PRO UL X300 Cloud Distribution (All versions < V4.3.0001), Desigo Fire Safety UL Compact Panel FC2025/2050 (All versions < MP4), Desigo Fire Safety UL Engineering Tool (All versions < MP4), Desigo Fire Safety UL X300 Cloud Distribution (All versions < V4.3.0001), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 MP6 (All versions), Sinteso FS20 EN Fire Panel FC20 MP7 (All versions), Sinteso FS20 EN Fire Panel FC20 MP8 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X200 Cloud Distribution MP8 (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution MP7 (All versions), Sinteso FS20 EN X300 Cloud Distribution MP8 (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread. This could allow an unauthenticated remote attacker to crash the network service. |
0.8% | 2024-03-12 | ||
| 7.2 HIGH |
Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an administrative privilege. As for the details of the affected product names/versions, see the information provided by the vendor under [References] section. |
0.9% | 2024-03-12 | ||
| 7.1 HIGH |
Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php. |
0.5% | 2024-03-11 | ||
| 7.5 HIGH |
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). |
2.0% | 2024-03-10 | ||
| 8.8 HIGH |
An issue was discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13, allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token. |
0.4% | 2024-03-09 | ||
| 7.5 HIGH |
An issue was discovered in Newland Nquire 1000 Interactive Kiosk version NQ1000-II_G_V1.00.011, allows remote attackers to obtain sensitive information via cleartext credential storage in backup.htm component. |
0.4% | 2024-03-09 | ||
| 7.4 HIGH |
WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2. |
0.6% | 2024-03-09 | ||
| 7.8 HIGH |
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution. |
0.3% | 2024-03-08 | ||
| 7.8 HIGH |
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to elevate privileges. |
0.3% | 2024-03-08 | ||
| 7.8 HIGH |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing an image may lead to arbitrary code execution. |
1.2% | 2024-03-08 | ||
| 8.6 HIGH |
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, watchOS 10.4. An app may be able to break out of its sandbox. |
0.5% | 2024-03-08 | ||
| 7.8 HIGH |
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to elevate privileges. |
0.3% | 2024-03-08 | ||
| 7.8 HIGH |
An injection issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to elevate privileges. |
0.4% | 2024-03-08 | ||
| 7.8 HIGH |
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges. |
0.3% | 2024-03-08 | ||
| 7.8 HIGH |
An injection issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to elevate privileges. |
0.4% | 2024-03-08 | ||
| 7.8 HIGH |
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to cause unexpected system termination or write kernel memory. |
0.7% | 2024-03-08 | ||
| 7.8 HIGH |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1. Processing an image may lead to arbitrary code execution. |
0.2% | 2024-03-08 | ||
| 7.1 HIGH |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents. |
0.2% | 2024-03-08 | ||
| 7.1 HIGH |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents. |
0.5% | 2024-03-08 | ||
| 7.8 HIGH |
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. Processing a file may lead to unexpected app termination or arbitrary code execution. |
0.4% | 2024-03-08 | ||
| 8.6 HIGH |
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. An app may be able to break out of its sandbox. |
0.7% | 2024-03-08 | ||
| 7.8 HIGH |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4. An app from a standard user account may be able to escalate privilege after admin user login. |
0.2% | 2024-03-08 | ||
| 7.8 HIGH |
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app. |
0.2% | 2024-03-08 | ||
| 8.8 HIGH |
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content may lead to arbitrary code execution. |
1.2% | 2024-03-08 | ||
| 7.1 HIGH |
A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to overwrite arbitrary files. |
0.3% | 2024-03-08 | ||
| 8.6 HIGH |
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. |
0.3% | 2024-03-08 | ||
| 7.5 HIGH |
RAD SecFlow-2 devices with Hardware 0202, Firmware 4.1.01.63, and U-Boot 2010.12 allow URIs beginning with /.. for Directory Traversal, as demonstrated by reading /etc/shadow. |
0.8% | 2024-03-08 | ||
| 8.8 HIGH |
Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last octet.) |
0.5% | 2024-03-08 | ||
| 8.8 HIGH |
The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wc_add_new_product() function in all versions up to, and including, 7.1.7. This makes it possible for customer-level attackers, and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This is only exploitable when the user product upload functionality is enabled. |
1.3% | 2024-03-07 | ||
| 8.8 HIGH |
The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the order_id parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. |
1.0% | 2024-03-07 | ||
| 8.1 HIGH |
Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allows attackers to gain escalated privileges via use of crafted executable launched from the application installation directory. |
0.6% | 2024-03-07 | ||
| 7.7 HIGH |
File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component. |
0.3% | 2024-03-07 | ||
| 7.2 HIGH |
A stack-based buffer overflow vulnerability exists in the JSON Parsing getblockschedule() functionality of Netgear RAX30 1.0.11.96 and 1.0.7.78. A specially crafted HTTP request can lead to code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. |
19.5% | 2024-03-07 |