Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35771 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-40575 1 Huawei 1 Opengauss 2026-06-17 N/A 5.5 MEDIUM
An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes
CVE-2024-40552 1 Publiccms 1 Publiccms 2026-06-17 N/A 8.8 HIGH
PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java.
CVE-2024-40547 1 Publiccms 1 Publiccms 2026-06-17 N/A 6.5 MEDIUM
PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace.
CVE-2024-40522 1 Seacms 1 Seacms 2026-06-17 N/A 8.8 HIGH
There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the php file. An authenticated attacker can exploit this vulnerability to execute arbitrary commands and obtain system permissions.
CVE-2024-40521 1 Seacms 1 Seacms 2026-06-17 N/A 8.8 HIGH
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the restrictions and write code in some way, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
CVE-2024-40520 1 Seacms 1 Seacms 2026-06-17 N/A 8.8 HIGH
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
CVE-2024-40519 1 Seacms 1 Seacms 2026-06-17 N/A 8.8 HIGH
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
CVE-2024-40518 1 Seacms 1 Seacms 2026-06-17 N/A 8.8 HIGH
SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated attackers to exploit the vulnerability to execute arbitrary commands and obtain system permissions.
CVE-2024-40407 1 Cybelesoft 1 Thinfinity Workspace 2026-06-17 N/A 7.5 HIGH
A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to obtain the root path of the application via unspecified vectors.
CVE-2024-3968 1 Microfocus 1 Imanager 2026-06-17 N/A 7.8 HIGH
Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.
CVE-2024-3959 1 Gitlab 1 Gitlab 2026-06-17 N/A 6.5 MEDIUM
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows private job artifacts can be accessed by any user.
CVE-2024-3927 1 Bdthemes 1 Element Pack 2026-06-17 N/A 5.3 MEDIUM
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an administrators emails. This makes it possible for unauthenticated attackers to bypass the restriction using a +value when submitting the contact form.
CVE-2024-3892 1 Progress 1 Telerik Ui For Winforms 2026-06-17 N/A 7.2 HIGH
A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.
CVE-2024-3872 1 Mattermost 1 Mattermost Mobile 2026-06-17 N/A 3.1 LOW
Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link.
CVE-2024-3863 1 Mozilla 2 Firefox, Thunderbird 2026-06-17 N/A 9.8 CRITICAL
The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-3846 2 Fedoraproject, Google 2 Fedora, Chrome 2026-06-17 N/A 4.3 MEDIUM
Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-3845 2 Fedoraproject, Google 2 Fedora, Chrome 2026-06-17 N/A 4.3 MEDIUM
Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-3844 2 Fedoraproject, Google 2 Fedora, Chrome 2026-06-17 N/A 4.3 MEDIUM
Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2024-3843 2 Fedoraproject, Google 2 Fedora, Chrome 2026-06-17 N/A 4.3 MEDIUM
Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-3840 2 Fedoraproject, Google 2 Fedora, Chrome 2026-06-17 N/A 7.5 HIGH
Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)