Export limit exceeded: 364799 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364799 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31617 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2025-04-28 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds read, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | ||||
| CVE-2024-44571 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2025-04-28 | 8.8 High |
| RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php. | ||||
| CVE-2024-44572 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2025-04-28 | 8.8 High |
| RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function. | ||||
| CVE-2024-44573 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2025-04-28 | 4.7 Medium |
| A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2024-44574 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2025-04-28 | 8.8 High |
| RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function. | ||||
| CVE-2022-45422 | 1 Lg | 1 Smart Share | 2025-04-28 | 7.8 High |
| When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005. | ||||
| CVE-2022-23740 | 1 Github | 1 Enterprise Server | 2025-04-28 | 8.8 High |
| CRITICAL: An improper neutralization of argument delimiters in a command vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. To exploit this vulnerability, an attacker would need permission to create and build GitHub Pages using GitHub Actions. This vulnerability affected only version 3.7.0 of GitHub Enterprise Server and was fixed in version 3.7.1. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2024-44575 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2025-04-28 | 3.7 Low |
| RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session. | ||||
| CVE-2024-44577 | 1 Relyum | 2 Rely-pcie, Rely-pcie Firmware | 2025-04-28 | 8.8 High |
| RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function. | ||||
| CVE-2024-42794 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2025-04-28 | 4.7 Medium |
| Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user. | ||||
| CVE-2024-42795 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2025-04-28 | 4.2 Medium |
| An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details. | ||||
| CVE-2024-42796 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2025-04-28 | 5.9 Medium |
| An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries. | ||||
| CVE-2024-42798 | 2 Kashipara, Lopalopa | 2 Music Management System, Music Management System | 2025-04-28 | 7.6 High |
| An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account. | ||||
| CVE-2024-27717 | 1 Eskooly | 2 Eskooly, Web Product | 2025-04-28 | 6.5 Medium |
| Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component. | ||||
| CVE-2024-40425 | 2 Nanjing Xingyuantu Technology, Sparkshop | 2 Sparkshop, Sparkshop | 2025-04-28 | 9.8 Critical |
| File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component. | ||||
| CVE-2024-40455 | 1 Thinksaas | 1 Thinksaas | 2025-04-28 | 2.7 Low |
| An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request. | ||||
| CVE-2024-40456 | 1 Thinksaas | 1 Thinksaas | 2025-04-28 | 9.8 Critical |
| ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php. | ||||
| CVE-2024-38996 | 1 Ag-grid | 3 Ag-grid, Ag-grid-community, Ag-grid-enterprise | 2025-04-28 | 9.8 Critical |
| ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-38909 | 2 Std42, Studio42 | 2 Elfinder, Elfinder | 2025-04-28 | 9.8 Critical |
| Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc. | ||||
| CVE-2022-37301 | 1 Schneider-electric | 96 Modicon M340 Bmx P34-2010, Modicon M340 Bmx P34-2010 Firmware, Modicon M340 Bmx P34-2030 and 93 more | 2025-04-28 | 7.5 High |
| A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists that could cause a denial of service of the controller due to memory access violations when using the Modbus TCP protocol. Affected products: Modicon M340 CPU (part numbers BMXP34*)(V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*)(V3.22 and prior), Legacy Modicon Quantum/Premium(All Versions), Modicon Momentum MDI (171CBU*)(All Versions), Modicon MC80 (BMKC80)(V1.7 and prior) | ||||