Total
314407 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49679 | 1 Wpkoi | 1 Wpkoi Templates For Elementor | 2024-11-08 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPKoi WPKoi Templates for Elementor allows Stored XSS.This issue affects WPKoi Templates for Elementor: from n/a through 3.1.0. | |||||
| CVE-2024-49702 | 1 Mycred | 1 Mycred Elementor | 2024-11-08 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in myCRED myCred Elementor allows Stored XSS.This issue affects myCred Elementor: from n/a through 1.2.6. | |||||
| CVE-2024-22066 | 1 Zte | 8 Zxr10 160, Zxr10 160 Firmware, Zxr10 1800-2s and 5 more | 2024-11-08 | N/A | 6.5 MEDIUM |
| There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router . An authenticated attacker could use the vulnerability to obtain sensitive information about the device. | |||||
| CVE-2024-7784 | 2024-11-08 | N/A | 6.1 MEDIUM | ||
| During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2024-6979 | 2024-11-08 | N/A | 6.8 MEDIUM | ||
| Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of account passwords and social engineering attacks in tricking the administrator to perform specific configurations on operator- and/or viewer-privileged accounts. Axis has released patched AXIS OS a version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2024-0067 | 2024-11-08 | N/A | 4.3 MEDIUM | ||
| Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2024-50411 | 1 Kevonadonis | 1 Wp Abstracts | 2024-11-07 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS.This issue affects WP Abstracts: from n/a through 2.7.1. | |||||
| CVE-2024-49642 | 1 Rafasashi | 1 Todo Custom Field | 2024-11-07 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rafasashi Todo Custom Field allows Reflected XSS.This issue affects Todo Custom Field: from n/a through 3.0.4. | |||||
| CVE-2024-9443 | 1 Basticom | 1 Framework | 2024-11-07 | N/A | 5.4 MEDIUM |
| The Basticom Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | |||||
| CVE-2024-51358 | 2024-11-07 | N/A | 9.8 CRITICAL | ||
| An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application. | |||||
| CVE-2024-47855 | 2024-11-07 | N/A | 5.3 MEDIUM | ||
| util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. | |||||
| CVE-2024-50410 | 1 Kibokolabs | 1 Namaste\! Lms | 2024-11-07 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Namaste! LMS allows Stored XSS.This issue affects Namaste! LMS: from n/a through 2.6.4. | |||||
| CVE-2024-50409 | 1 Kibokolabs | 1 Namaste\! Lms | 2024-11-07 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Namaste! LMS allows Stored XSS.This issue affects Namaste! LMS: from n/a through 2.6.2. | |||||
| CVE-2024-50407 | 1 Kibokolabs | 1 Namaste\! Lms | 2024-11-07 | N/A | 6.1 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Namaste! LMS allows Reflected XSS.This issue affects Namaste! LMS: from n/a through 2.6.2. | |||||
| CVE-2024-33068 | 1 Qualcomm | 244 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 241 more | 2024-11-07 | N/A | 6.5 MEDIUM |
| Transient DOS while parsing fragments of MBSSID IE from beacon frame. | |||||
| CVE-2024-38403 | 1 Qualcomm | 156 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 153 more | 2024-11-07 | N/A | 6.5 MEDIUM |
| Transient DOS while parsing BTM ML IE when per STA profile is not included. | |||||
| CVE-2024-38405 | 1 Qualcomm | 198 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 195 more | 2024-11-07 | N/A | 6.5 MEDIUM |
| Transient DOS while processing the CU information from RNR IE. | |||||
| CVE-2024-23385 | 1 Qualcomm | 188 205 Mobile Platform, 205 Mobile Platform Firmware, Apq8017 and 185 more | 2024-11-07 | N/A | 6.5 MEDIUM |
| Transient DOS as modem reset occurs when an unexpected MAC RAR (with invalid PDU length) is seen at UE. | |||||
| CVE-2024-33030 | 1 Qualcomm | 44 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 41 more | 2024-11-07 | N/A | 6.7 MEDIUM |
| Memory corruption while parsing IPC frequency table parameters for LPLH that has size greater than expected size. | |||||
| CVE-2024-51522 | 1 Huawei | 1 Harmonyos | 2024-11-07 | N/A | 5.5 MEDIUM |
| Vulnerability of improper device information processing in the device management module Impact: Successful exploitation of this vulnerability may affect availability. | |||||