Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35740 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-3927 1 Bdthemes 1 Element Pack 2026-06-17 N/A 5.3 MEDIUM
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an administrator's emails. This makes it possible for unauthenticated attackers to bypass the restriction using a +value when submitting the contact form.
CVE-2024-3892 1 Progress 1 Telerik Ui For Winforms 2026-06-17 N/A 7.2 HIGH
A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.
CVE-2024-3872 1 Mattermost 1 Mattermost Mobile 2026-06-17 N/A 3.1 LOW
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link.
CVE-2024-3863 1 Mozilla 2 Firefox, Thunderbird 2026-06-17 N/A 9.8 CRITICAL
The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-3846 2 Fedoraproject, Google 2 Fedora, Chrome 2026-06-17 N/A 4.3 MEDIUM
Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-3845 2 Fedoraproject, Google 2 Fedora, Chrome 2026-06-17 N/A 4.3 MEDIUM
Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-3844 2 Fedoraproject, Google 2 Fedora, Chrome 2026-06-17 N/A 4.3 MEDIUM
Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2024-3843 2 Fedoraproject, Google 2 Fedora, Chrome 2026-06-17 N/A 4.3 MEDIUM
Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-3840 2 Fedoraproject, Google 2 Fedora, Chrome 2026-06-17 N/A 7.5 HIGH
Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-3838 1 Google 1 Chrome 2026-06-17 N/A 5.5 MEDIUM
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)
CVE-2024-3833 2 Fedoraproject, Google 2 Fedora, Chrome 2026-06-17 N/A 8.8 HIGH
Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-3832 2 Fedoraproject, Google 2 Fedora, Chrome 2026-06-17 N/A 8.8 HIGH
Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-3829 1 Qdrant 1 Qdrant 2026-06-17 N/A 9.1 CRITICAL
qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a symlink and a payload file in the snapshot's directory structure. This vulnerability allows for the reading and writing of arbitrary files on the server, which could potentially lead to a full takeover of the system. The issue is fixed in version v1.9.0.
CVE-2024-3789 1 Whitebearsolutions 1 Wbsairback 2026-06-17 N/A 6.5 MEDIUM
Uncontrolled resource consumption vulnerability in White Bear Solutions WBSAirback, version 21.02.04. This vulnerability could allow an attacker to send multiple command injection payloads to influence the amount of resources consumed.
CVE-2024-3749 1 Smartypantsplugins 1 Sp Project & Document Manager 2026-06-17 N/A 6.5 MEDIUM
The SP Project & Document Manager WordPress plugin through 4.71 lacks proper access controls and allows a logged-in user to view and download files belonging to another user.
CVE-2024-3748 1 Smartypantsplugins 1 Sp Project & Document Manager 2026-06-17 N/A 6.5 MEDIUM
The SP Project & Document Manager WordPress plugin through 4.71 is missing validation in its upload function, allowing a user to manipulate the `user_id` to make it appear that a file was uploaded by another user.
CVE-2024-3746 1 Measuresoft 1 Scadapro Server 2026-06-17 N/A 5.5 MEDIUM
The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow users, including unprivileged users, to write or overwrite files.
CVE-2024-3717 1 Codedropz 1 Drag And Drop Multiple File Upload - Contact Form 7 2026-06-17 N/A 5.3 MEDIUM
The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form.
CVE-2024-3716 1 Redhat 1 Satellite 2026-06-17 N/A 6.2 MEDIUM
A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password.
CVE-2024-3706 1 Opengnsys 1 Opengnsys 2026-06-17 N/A 5.9 MEDIUM
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.