Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35849 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-43115 1 Apache 1 Dolphinscheduler 2026-06-17 N/A 8.8 HIGH
Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script server by alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue.
CVE-2024-43087 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-43085 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43081 1 Google 1 Android 2026-06-17 N/A 7.8 HIGH
In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-43052 1 Qualcomm 182 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 179 more 2026-06-17 N/A 7.8 HIGH
Memory corruption while processing API calls to NPU with invalid input.
CVE-2024-43051 1 Qualcomm 488 Aqt1000, Aqt1000 Firmware, Ar8031 and 485 more 2026-06-17 N/A 5.5 MEDIUM
Information disclosure while deriving keys for a session for any Widevine use case.
CVE-2024-42995 1 Vtiger 1 Vtiger Crm 2026-06-17 N/A 8.3 HIGH
VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules.
CVE-2024-42978 1 Tenda 2 Fh1206, Fh1206 Firmware 2026-06-17 N/A 9.8 CRITICAL
An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2024-42967 1 Totolink 2 Lr350, Lr350 Firmware 2026-06-17 N/A 9.8 CRITICAL
Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.
CVE-2024-42966 1 Totolink 2 N350rt, N350rt Firmware 2026-06-17 N/A 9.8 CRITICAL
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.
CVE-2024-42947 1 Tenda 2 Fh1201, Fh1201 Firmware 2026-06-17 N/A 9.8 CRITICAL
An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2024-42861 1 Linuxptp Project 1 Linuxptp 2026-06-17 N/A 7.5 HIGH
An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function
CVE-2024-42835 1 Langflow 1 Langflow 2026-06-17 N/A 9.8 CRITICAL
langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.
CVE-2024-42798 1 Lopalopa 1 Music Management System 2026-06-17 N/A 7.6 HIGH
An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.
CVE-2024-42797 1 Lopalopa 1 Music Management System 2026-06-17 N/A 9.8 CRITICAL
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.
CVE-2024-42796 1 Lopalopa 1 Music Management System 2026-06-17 N/A 5.9 MEDIUM
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries.
CVE-2024-42795 1 Lopalopa 1 Music Management System 2026-06-17 N/A 4.2 MEDIUM
An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details.
CVE-2024-42794 1 Lopalopa 1 Music Management System 2026-06-17 N/A 4.7 MEDIUM
Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user.
CVE-2024-42776 1 Jayesh 1 Hotel Management System 2026-06-17 N/A 7.2 HIGH
Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php.
CVE-2024-42775 1 Jayesh 1 Hotel Management System 2026-06-17 N/A 9.1 CRITICAL
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access.