NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 11, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
313051	8.8	HIGH Network	zohocorp	manageengine_adaudit_plus	Zohocorp ManageEngine ADAudit Plus versions below 8121 are vulnerable to the authenticated SQL injection in account lockout report.	CWE-89 SQL Injection	CVE-2024-5467	2024-08-27 23:35	2024-08-23	Show	GitHub Exploit DB Packet Storm

313052	6.1	MEDIUM Network	blood_bank_system_project	blood_bank_system	A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login.php of the component…	CWE-79 Cross-site Scripting	CVE-2024-8174	2024-08-27 23:32	2024-08-27	Show	GitHub Exploit DB Packet Storm

313053	9.8	CRITICAL Network	tenda	ax1806_firmware	Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo.	CWE-787 Out-of-bounds Write	CVE-2024-44557	2024-08-27 23:30	2024-08-27	Show	GitHub Exploit DB Packet Storm

313054	9.8	CRITICAL Network	tenda	ax1806_firmware	Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo.	CWE-787 Out-of-bounds Write	CVE-2024-44555	2024-08-27 23:29	2024-08-27	Show	GitHub Exploit DB Packet Storm

313055	9.8	CRITICAL Network	tenda	ax1806_firmware	Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv.	CWE-787 Out-of-bounds Write	CVE-2024-44553	2024-08-27 23:29	2024-08-27	Show	GitHub Exploit DB Packet Storm

313056	9.8	CRITICAL Network	tenda	ax1806_firmware	Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.	CWE-787 Out-of-bounds Write	CVE-2024-44552	2024-08-27 23:29	2024-08-27	Show	GitHub Exploit DB Packet Storm

313057	9.8	CRITICAL Network	tenda	ax1806_firmware	Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv.	CWE-787 Out-of-bounds Write	CVE-2024-44551	2024-08-27 23:29	2024-08-27	Show	GitHub Exploit DB Packet Storm

313058	9.8	CRITICAL Network	tenda	ax1806_firmware	Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv.	CWE-787 Out-of-bounds Write	CVE-2024-44550	2024-08-27 23:29	2024-08-27	Show	GitHub Exploit DB Packet Storm

313059	9.8	CRITICAL Network	tenda	ax1806_firmware	Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv.	CWE-787 Out-of-bounds Write	CVE-2024-44549	2024-08-27 23:28	2024-08-27	Show	GitHub Exploit DB Packet Storm

313060	9.8	CRITICAL Network	totolink	t10_firmware	A vulnerability classified as critical has been found in TOTOLINK T10 AC1200 4.1.8cu.5207. Affected is an unknown function of the file /squashfs-root/web_cste/cgi-bin/product.ini of the component Tel…	CWE-798 Use of Hard-coded Credentials	CVE-2024-8162	2024-08-27 23:28	2024-08-26	Show	GitHub Exploit DB Packet Storm

313061	9.8	CRITICAL Network	tenda	ax1806_firmware	Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo.	CWE-787 Out-of-bounds Write	CVE-2024-44558	2024-08-27 23:28	2024-08-26	Show	GitHub Exploit DB Packet Storm

313062	9.8	CRITICAL Network	tenda	ax1806_firmware	Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo.	CWE-787 Out-of-bounds Write	CVE-2024-44556	2024-08-27 23:28	2024-08-26	Show	GitHub Exploit DB Packet Storm

313063	9.8	CRITICAL Network	tenda	ax1806_firmware	Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName parameter in the function form_fast_setting_internet_set.	CWE-787 Out-of-bounds Write	CVE-2024-44565	2024-08-27 22:43	2024-08-26	Show	GitHub Exploit DB Packet Storm

313064	9.8	CRITICAL Network	tenda	ax1806_firmware	Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo.	CWE-787 Out-of-bounds Write	CVE-2024-44563	2024-08-27 22:43	2024-08-26	Show	GitHub Exploit DB Packet Storm

313065	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference for smu7 optimize the code to avoid pass a null pointer (hwmgr->backend) to funct…	CWE-476 NULL Pointer Dereference	CVE-2024-43909	2024-08-27 22:41	2024-08-26	Show	GitHub Exploit DB Packet Storm

313066	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer dereference to ras_manager Check ras_manager before using it	CWE-476 NULL Pointer Dereference	CVE-2024-43908	2024-08-27 22:41	2024-08-26	Show	GitHub Exploit DB Packet Storm

313067	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Check the pointer value to fix potential null pointer…	CWE-476 NULL Pointer Dereference	CVE-2024-43907	2024-08-27 22:41	2024-08-26	Show	GitHub Exploit DB Packet Storm

313068	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/admgpu: fix dereferencing null pointer context When user space sets an invalid ta type, the pointer context will be empty. So…	CWE-476 NULL Pointer Dereference	CVE-2024-43906	2024-08-27 22:41	2024-08-26	Show	GitHub Exploit DB Packet Storm

313069	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update This commit adds a null ch…	CWE-476 NULL Pointer Dereference	CVE-2024-43903	2024-08-27 22:39	2024-08-26	Show	GitHub Exploit DB Packet Storm

313070	8.8	HIGH Network	google	chrome	Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption vi…	CWE-416 Use After Free	CVE-2024-7968	2024-08-27 22:35	2024-08-22	Show	GitHub Exploit DB Packet Storm

313071	8.8	HIGH Network	google	chrome	Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	CWE-787 Out-of-bounds Write	CVE-2024-7967	2024-08-27 22:35	2024-08-22	Show	GitHub Exploit DB Packet Storm

313072	8.8	HIGH Network	google	chrome	Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTM…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2024-7966	2024-08-27 22:35	2024-08-22	Show	GitHub Exploit DB Packet Storm

313073	8.8	HIGH Network	google	chrome	Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: H…	CWE-416 Use After Free	CVE-2024-7964	2024-08-27 22:35	2024-08-22	Show	GitHub Exploit DB Packet Storm

313074	8.8	HIGH Network	zoho zohocorp	manageengine_remote_monitoring_and_management manageengine_opmanager_msp manageengine_opmanager_plus manageengine_opmanager	Zohocorp ManageEngine OpManager and Remote Monitoring and Management versions 128329 and below are vulnerable to the authenticated remote code execution in the deploy agent option.	CWE-94 Code Injection	CVE-2024-5466	2024-08-27 22:32	2024-08-23	Show	GitHub Exploit DB Packet Storm

313075	8.8	HIGH Network	zohocorp	manageengine_adaudit_plus	Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in alerts module.	CWE-89 SQL Injection	CVE-2024-36517	2024-08-27 22:29	2024-08-23	Show	GitHub Exploit DB Packet Storm

313076	8.8	HIGH Network	zohocorp	manageengine_adaudit_plus	Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36515…	CWE-89 SQL Injection	CVE-2024-36516	2024-08-27 22:28	2024-08-23	Show	GitHub Exploit DB Packet Storm

313077	8.8	HIGH Network	zohocorp	manageengine_adaudit_plus	Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in dashboard. Note: This vulnerability is different from another vulnerability (CVE-2024-36516…	CWE-89 SQL Injection	CVE-2024-36515	2024-08-27 22:28	2024-08-23	Show	GitHub Exploit DB Packet Storm

313078	8.8	HIGH Network	zohocorp	manageengine_adaudit_plus	Zohocorp ManageEngine ADAudit Plus versions below 8000 are vulnerable to the authenticated SQL injection in file summary option.	CWE-89 SQL Injection	CVE-2024-36514	2024-08-27 22:28	2024-08-23	Show	GitHub Exploit DB Packet Storm

313079	9.8	CRITICAL Network	janobe	e-commerce_system	A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipu…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2024-8089	2024-08-27 22:21	2024-08-23	Show	GitHub Exploit DB Packet Storm

313080	9.8	CRITICAL Network	janobe	e-commerce_system	A vulnerability was found in SourceCodester E-Commerce System 1.0 and classified as critical. This issue affects some unknown processing of the file /ecommerce/popup_Item.php. The manipulation of the…	CWE-89 SQL Injection	CVE-2024-8087	2024-08-27 22:19	2024-08-23	Show	GitHub Exploit DB Packet Storm

313081	9.8	CRITICAL Network	janobe	e-commerce_system	A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ecommerce/admin/login.php of the component Admi…	CWE-89 SQL Injection	CVE-2024-8086	2024-08-27 22:17	2024-08-23	Show	GitHub Exploit DB Packet Storm

313082	4.9	MEDIUM Network	ruijie	eg2000k_firmware	A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the a…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2024-8166	2024-08-27 22:03	2024-08-27	Show	GitHub Exploit DB Packet Storm

313083	-	-	-	-	Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Com…	-	CVE-2024-43806	2024-08-27 22:02	2024-08-27	Show	GitHub Exploit DB Packet Storm

313084	6.4	MEDIUM Network	-	-	The 140+ Widgets \| Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arrow’ parameter within the Post Grid widget in all versions up to, and …	-	CVE-2024-7791	2024-08-27 22:01	2024-08-27	Show	GitHub Exploit DB Packet Storm

313085	-	-	-	-	Tophat is a mobile applications testing harness. An Improper Access Control vulnerability can expose the `TOPHAT_APP_TOKEN` token stored in `~/.tophatrc` through use of a malicious Tophat URL control…	-	CVE-2024-45036	2024-08-27 22:01	2024-08-27	Show	GitHub Exploit DB Packet Storm

313086	-	-	-	-	Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. The Chisel server doesn't ever read the documented `AUTH` environment variable used to set credentials, which allows any unaut…	-	CVE-2024-43798	2024-08-27 22:01	2024-08-27	Show	GitHub Exploit DB Packet Storm

313087	6.1	MEDIUM Network	3ds	3dexperience	A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in use…	CWE-79 Cross-site Scripting	CVE-2024-6379	2024-08-27 18:15	2024-08-20	Show	GitHub Exploit DB Packet Storm

313088	-	-	-	-	The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.1 …	-	CVE-2024-8046	2024-08-27 17:15	2024-08-27	Show	GitHub Exploit DB Packet Storm

313089	6.1	MEDIUM Network	3ds	3dexperience	An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect…	CWE-601 Open Redirect	CVE-2024-6377	2024-08-27 17:15	2024-08-20	Show	GitHub Exploit DB Packet Storm

313090	-	-	-	-	Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.2-01.	-	CVE-2024-7125	2024-08-27 14:15	2024-08-27	Show	GitHub Exploit DB Packet Storm

313091	4.3	MEDIUM Network	-	-	The Oxygen Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the oxy_save_css_from_admin AJAX action in all versions up to, and incl…	-	CVE-2024-6688	2024-08-27 14:15	2024-08-27	Show	GitHub Exploit DB Packet Storm

313092	-	-	-	-	Rejected reason: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that the issue does not pose a secu…	-	CVE-2024-7989	2024-08-27 06:15	2024-08-27	Show	GitHub Exploit DB Packet Storm

313093	-	-	-	-	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…	-	CVE-2024-8188	2024-08-27 05:15	2024-08-27	Show	GitHub Exploit DB Packet Storm

313094	9.8	CRITICAL Network	givewp	givewp	The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input fr…	CWE-502 Deserialization of Untrusted Data	CVE-2024-5932	2024-08-27 03:34	2024-08-20	Show	GitHub Exploit DB Packet Storm

313095	6.5	MEDIUM Network	ibm	global_configuration_management	IBM Global Configuration Management 7.0.2 and 7.0.3 could allow an authenticated user to archive a global baseline due to improper access controls.	NVD-CWE-Other	CVE-2024-41773	2024-08-27 03:33	2024-08-21	Show	GitHub Exploit DB Packet Storm

313096	6.5	MEDIUM Network	ghost	ghost	Ghost is a Node.js content management system. Improper authentication on some endpoints used for member actions would allow an attacker to perform member-only actions, and read member information. Th…	CWE-287 Improper Authentication	CVE-2024-43409	2024-08-27 03:31	2024-08-21	Show	GitHub Exploit DB Packet Storm

313097	8.8	HIGH Network	lfedge	ekuiper	LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of …	CWE-89 SQL Injection	CVE-2024-43406	2024-08-27 03:30	2024-08-21	Show	GitHub Exploit DB Packet Storm

313098	9.8	CRITICAL Network	megacord	megabot	MEGABOT is a fully customized Discord bot for learning and fun. The `/math` command and functionality of MEGABOT versions < 1.5.0 contains a remote code execution vulnerability due to a Python `eval(…	CWE-94 Code Injection	CVE-2024-43404	2024-08-27 03:29	2024-08-21	Show	GitHub Exploit DB Packet Storm

313099	4.3	MEDIUM Network	apolloconfig	apollo	Apollo is a configuration management system. A vulnerability exists in the synchronization configuration feature that allows users to craft specific requests to bypass permission checks. This exploit…	NVD-CWE-Other	CVE-2024-43397	2024-08-27 03:28	2024-08-21	Show	GitHub Exploit DB Packet Storm

313100	4.3	MEDIUM Network	umbraco	umbraco_cms	Umbraco CMS is an ASP.NET CMS. An authenticated user can access a few unintended endpoints. This issue is fixed in 14.1.2.	NVD-CWE-Other	CVE-2024-43377	2024-08-27 03:26	2024-08-21	Show	GitHub Exploit DB Packet Storm