CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2013-3112 Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup... | N/A | NONE | - | 0 |
| CVE-2024-36257 Mattermost versions 9.5.x <= 9.5.5 and 9.8.0, when using shared channels with multiple remote servers connected, fail to check that the remote server A requesting the server B to update the profile pi... | 2.7 | LOW | - | 0 |
| CVE-2024-39353 Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to sanitize the RemoteClusterFrame payloads before audit logging them which allows a high privileged attacker with access to the audit logs to read me... | 2.7 | LOW | - | 0 |
| CVE-2024-39361 Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5 fail to prevent users from specifying a RemoteId for their posts which allows an attacker to specify both a remoteId and th... | 3.1 | LOW | - | 0 |
| CVE-2024-37726 Insecure Permissions vulnerability in Micro-Star International Co., Ltd MSI Center v.2.0.36.0 allows a local attacker to escalate privileges via the Export System Info function in MSI.CentralServer.ex... | 6.8 | MEDIUM | - | 0 |
| CVE-2024-39807 Mattermost versions 9.5.x <= 9.5.5 and 9.8.0 fail to properly sanitize the recipients of a webhook event which allows an attacker monitoring webhook events to retrieve the channel IDs of archived or r... | 3.1 | LOW | - | 0 |
| CVE-2024-39830 Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when shared channels are enabled, fail to use constant time comparison for remote cluster tokens which allows an ... | 8.1 | HIGH | - | 0 |
| CVE-2024-6428 Mattermost versions 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2, 9.5.x <= 9.5.5 fail to prevent specifying a RemoteId when creating a new user which allows an attacker to specify both a remoteId and the use... | 5.3 | MEDIUM | - | 0 |
| CVE-2024-6469 A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?app=main&inc=feature_firewall&op=fire... | 2.7 | LOW | - | 0 |
| CVE-2024-6426 Information exposure vulnerability in MESbook 20221021.03 version, the exploitation of which could allow a local attacker, with user privileges, to access different resources by changing the API value... | 8.1 | HIGH | - | 0 |
| CVE-2024-6427 Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, c... | 7.5 | HIGH | - | 0 |
| CVE-2024-6471 A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management 1.0. This affects an unknown part of the file sms_setting.php. The manipulation of the argumen... | 6.3 | MEDIUM | - | 0 |
| CVE-2024-39220 BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD... | 6.5 | MEDIUM | - | 0 |
| CVE-2024-39223 An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey | 9.8 | CRITICAL | - | 0 |
| CVE-2024-6052 Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements | 6.5 | MEDIUM | - | 0 |
| CVE-2024-6126 A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack. | 3.2 | LOW | - | 0 |
| CVE-2024-39844 In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. | 9.8 | CRITICAL | - | 0 |
| CVE-2024-29506 Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name. | 8.8 | HIGH | - | 0 |
| CVE-2024-35234 Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta3 on the `tests-passed` branch, an attacker can execute arbitrary JavaScript on use... | 4.2 | MEDIUM | - | 0 |
| CVE-2024-36113 Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a ro... | 4.9 | MEDIUM | - | 0 |
| CVE-2024-36122 Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, moderators using the review queue to r... | 2.4 | LOW | - | 0 |
| CVE-2024-37157 Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch and version 3.3.0.beta4 on the `beta` and `tests-passed` branches, a malicious actor could get the FastIm... | 6.4 | MEDIUM | - | 0 |
| CVE-2024-39028 An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php. | 9.8 | CRITICAL | - | 0 |
| CVE-2013-3113 Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup... | N/A | NONE | - | 0 |
| CVE-2024-2926 The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 8.3.7 due to insufficient input saniti... | 6.4 | MEDIUM | - | 0 |
| CVE-2013-3114 Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption... | N/A | NONE | - | 0 |
| CVE-2013-3116 Microsoft Internet Explorer 7 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupt... | N/A | NONE | - | 0 |
| CVE-2013-3117 Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulner... | N/A | NONE | - | 0 |
| CVE-2024-3904 Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary co... | 8.8 | HIGH | - | 0 |
| CVE-2024-32754 Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the contr... | 3.1 | LOW | - | 0 |
| CVE-2024-6319 The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. This makes it poss... | 8.8 | HIGH | - | 0 |
| CVE-2017-7494 Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2013-3118 Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne... | N/A | NONE | - | 0 |
| CVE-2024-6507 Command injection when ingesting a remote Kaggle dataset due to a lack of input sanitization in the ingest_kaggle() API | 8.1 | HIGH | - | 0 |
| CVE-2024-39211 Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request, because a login response contains a user_email field only if the user account exists. | 5.3 | MEDIUM | - | 0 |
| CVE-2024-6506 Information exposure vulnerability in the MRW plugin, in its 5.4.3 version, affecting the "mrw_log" functionality. This vulnerability could allow a remote attacker to obtain other customers' order inf... | 8.2 | HIGH | - | 0 |
| CVE-2024-39934 Robotmk before 2.0.1 allows a local user to escalate privileges (e.g., to SYSTEM) if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit ... | 7.8 | HIGH | - | 0 |
| CVE-2024-39943 rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell i... | 9.9 | CRITICAL | - | 0 |
| CVE-2024-27709 SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requ... | 9.8 | CRITICAL | - | 0 |
| CVE-2024-39473 In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension If a process module does not have base ... | 5.5 | MEDIUM | - | 0 |
| CVE-2024-39475 In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Handle err return when savagefb_check_var failed The commit 04e5eac8f3ab("fbdev: savage: Error out if pixclock equa... | 5.5 | MEDIUM | - | 0 |
| CVE-2024-39476 In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Xiao reported that lvm2 test lvconvert-raid-tak... | 5.5 | MEDIUM | - | 0 |
| CVE-2024-39477 In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: do not call vma_add_reservation upon ENOMEM sysbot reported a splat [1] on __unmap_hugepage_range(). This is because ... | 5.5 | MEDIUM | - | 0 |
| CVE-2024-27711 An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the Sin-up process function in the account settings. | 8.8 | HIGH | - | 0 |
| CVE-2024-39478 In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree o... | 5.5 | MEDIUM | - | 0 |
| CVE-2024-39480 In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use st... | 7.8 | HIGH | - | 0 |
| CVE-2024-39481 In the Linux kernel, the following vulnerability has been resolved: media: mc: Fix graph walk in media_pipeline_start The graph walk tries to follow all links, even if they are not between pads. Thi... | 5.5 | MEDIUM | - | 0 |
| CVE-2024-39482 In the Linux kernel, the following vulnerability has been resolved: bcache: fix variable length array abuse in btree_iter btree_iter is used in two ways: either allocated on the stack with a fixed s... | 5.5 | MEDIUM | - | 0 |
| CVE-2024-39483 In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked When requesting an NMI window, WARN on vNMI support being enabled... | 5.5 | MEDIUM | - | 0 |
| CVE-2024-27716 Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields. | 5.4 | MEDIUM | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.