CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-22077 An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-22078 An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem ... | 8.8 | HIGH | — | 0 |
| CVE-2024-22079 An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism. | 7.5 | HIGH | — | 0 |
| CVE-2024-22080 An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-57660 An issue in the sqlo_expand_jts component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | HIGH | — | 0 |
| CVE-2024-22081 An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-22082 An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface can be abused by an attacker to get a better under... | 7.5 | HIGH | — | 0 |
| CVE-2024-22083 An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfigur... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-22084 An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files. | 7.5 | HIGH | — | 0 |
| CVE-2024-22085 An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable. | 6.2 | MEDIUM | — | 0 |
| CVE-2024-28562 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR fo... | 6.8 | MEDIUM | — | 0 |
| CVE-2024-28571 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG form... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-28563 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function whe... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-28564 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images ... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-28565 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PS... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-28566 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format. | 8.4 | HIGH | — | 0 |
| CVE-2024-28567 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in ... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-28568 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF form... | 6.2 | MEDIUM | — | 0 |
| CVE-2023-42242 An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php. | 3.8 | LOW | — | 0 |
| CVE-2024-28572 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG ... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-28573 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-28574 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when readi... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-28575 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-28576 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K for... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-28577 Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading i... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-28578 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format. | 8.4 | HIGH | — | 0 |
| CVE-2024-28579 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-28580 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format. | 8.4 | HIGH | — | 0 |
| CVE-2024-28581 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format. | 8.4 | HIGH | — | 0 |
| CVE-2024-28582 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format. | 8.4 | HIGH | — | 0 |
| CVE-2024-28583 Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format. | 7.8 | HIGH | — | 0 |
| CVE-2024-28584 Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in... | 3.3 | LOW | — | 0 |
| CVE-2008-6637 Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in Library Video Company SAFARI Montage 3.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) school and (... | N/A | NONE | — | 0 |
| CVE-2025-14722 A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component... | 2.4 | LOW | — | 0 |
| CVE-2024-29473 OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-29419 There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-2626 Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | MEDIUM | — | 0 |
| CVE-2024-2631 Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 4.3 | MEDIUM | — | 0 |
| CVE-2024-29018 Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows f... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-29469 A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the ... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-29470 OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links. | 6.1 | MEDIUM | — | 0 |
| CVE-2024-24050 Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php. | 4.7 | MEDIUM | — | 0 |
| CVE-2023-49982 Broken access control in the component /admin/management/users of School Fees Management System v1.0 allows attackers to escalate privileges and perform Administrative actions, including adding and de... | 8.8 | HIGH | — | 0 |
| CVE-2023-49983 A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inje... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-49984 A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload i... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-49985 A cross-site scripting (XSS) vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inje... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-25811 An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-29943 An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29944 An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, i... | 8.4 | HIGH | — | 0 |
| CVE-2024-29865 Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form. | 5.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.