Patch Tuesday — October 2024

2024-10-08 · 720 CVEs

CVEs published or modified the week of 2024-10-08, partitioned by vendor.

Microsoft (148 CVEs)

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43468 | Critical | 9.8 | KEV | 2024-10-08 | Microsoft Configuration Manager Remote Code Execution Vulnerability
CVE-2024-38124 | Critical | 9.0 | - | 2024-10-08 | Windows Netlogon Elevation of Privilege Vulnerability
CVE-2024-43611 | High | 8.8 | - | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43608 | High | 8.8 | - | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43607 | High | 8.8 | - | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43599 | High | 8.8 | - | 2024-10-08 | Remote Desktop Client Remote Code Execution Vulnerability
CVE-2024-43593 | High | 8.8 | - | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43592 | High | 8.8 | - | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43589 | High | 8.8 | - | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43564 | High | 8.8 | - | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43549 | High | 8.8 | - | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43533 | High | 8.8 | - | 2024-10-08 | Remote Desktop Client Remote Code Execution Vulnerability
CVE-2024-43532 | High | 8.8 | - | 2024-10-08 | Remote Registry Service Elevation of Privilege Vulnerability
CVE-2024-43519 | High | 8.8 | - | 2024-10-08 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-43518 | High | 8.8 | - | 2024-10-08 | Windows Telephony Server Remote Code Execution Vulnerability
CVE-2024-43517 | High | 8.8 | - | 2024-10-08 | Microsoft ActiveX Data Objects Remote Code Execution Vulnerability
CVE-2024-43488 | High | 8.8 | - | 2024-10-08 | Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.
CVE-2024-43453 | High | 8.8 | - | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38265 | High | 8.8 | - | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38212 | High | 8.8 | - | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38179 | High | 8.8 | - | 2024-10-08 | Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability
CVE-2024-43591 | High | 8.7 | - | 2024-10-08 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
CVE-2024-43497 | High | 8.4 | - | 2024-10-08 | DeepSpeed Remote Code Execution Vulnerability
CVE-2024-43574 | High | 8.3 | - | 2024-10-08 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability
CVE-2024-45720 | High | 8.2 | - | 2024-10-09 | On Windows platforms, a "best fit" character encoding conversion of command line arguments to Subversion's executables (e.g., svn.exe, etc.) may lead to unexpected command line argument interpretation, including argument injection and exec…
CVE-2024-43582 | High | 8.1 | - | 2024-10-08 | Remote Desktop Protocol Server Remote Code Execution Vulnerability
CVE-2024-38229 | High | 8.1 | - | 2024-10-08 | .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-30092 | High | 8.0 | - | 2024-10-08 | Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-47425 | High | 7.8 | - | 2024-10-09 | Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47424 | High | 7.8 | - | 2024-10-09 | Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47423 | High | 7.8 | - | 2024-10-09 | Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution.
CVE-2024-47422 | High | 7.8 | - | 2024-10-09 | Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Untrusted Search Path vulnerability that could lead to arbitrary code execution.
CVE-2024-47421 | High | 7.8 | - | 2024-10-09 | Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.
CVE-2024-45137 | High | 7.8 | - | 2024-10-09 | InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution.
CVE-2024-45136 | High | 7.8 | - | 2024-10-09 | InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker.
CVE-2024-45152 | High | 7.8 | - | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-45144 | High | 7.8 | - | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-45143 | High | 7.8 | - | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-45142 | High | 7.8 | - | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user.
CVE-2024-45141 | High | 7.8 | - | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-45140 | High | 7.8 | - | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-45139 | High | 7.8 | - | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-45138 | High | 7.8 | - | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47418 | High | 7.8 | - | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47417 | High | 7.8 | - | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47416 | High | 7.8 | - | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47415 | High | 7.8 | - | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47414 | High | 7.8 | - | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47413 | High | 7.8 | - | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47412 | High | 7.8 | - | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47411 | High | 7.8 | - | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47410 | High | 7.8 | - | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-45150 | High | 7.8 | - | 2024-10-09 | Dimension versions 4.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-45146 | High | 7.8 | - | 2024-10-09 | Dimension versions 4.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-43616 | High | 7.8 | - | 2024-10-08 | Microsoft Office Remote Code Execution Vulnerability
CVE-2024-43601 | High | 7.8 | - | 2024-10-08 | Visual Studio Code for Linux Remote Code Execution Vulnerability
CVE-2024-43590 | High | 7.8 | - | 2024-10-08 | Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
CVE-2024-43583 | High | 7.8 | - | 2024-10-08 | Winlogon Elevation of Privilege Vulnerability
CVE-2024-43576 | High | 7.8 | - | 2024-10-08 | Microsoft Office Remote Code Execution Vulnerability
CVE-2024-43572 | High | 7.8 | KEV | 2024-10-08 | Microsoft Management Console Remote Code Execution Vulnerability
CVE-2024-43563 | High | 7.8 | - | 2024-10-08 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2024-43560 | High | 7.8 | - | 2024-10-08 | Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability
CVE-2024-43556 | High | 7.8 | - | 2024-10-08 | Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-43551 | High | 7.8 | - | 2024-10-08 | Windows Storage Elevation of Privilege Vulnerability
CVE-2024-43528 | High | 7.8 | - | 2024-10-08 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-43527 | High | 7.8 | - | 2024-10-08 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-43516 | High | 7.8 | - | 2024-10-08 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-43514 | High | 7.8 | - | 2024-10-08 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
CVE-2024-43509 | High | 7.8 | - | 2024-10-08 | Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-43505 | High | 7.8 | - | 2024-10-08 | Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2024-43504 | High | 7.8 | - | 2024-10-08 | Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-43503 | High | 7.8 | - | 2024-10-08 | Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2024-43501 | High | 7.8 | - | 2024-10-08 | Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-38261 | High | 7.8 | - | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43584 | High | 7.7 | - | 2024-10-08 | Windows Scripting Engine Security Feature Bypass Vulnerability
CVE-2024-43575 | High | 7.5 | - | 2024-10-08 | Windows Hyper-V Denial of Service Vulnerability
CVE-2024-43567 | High | 7.5 | - | 2024-10-08 | Windows Hyper-V Denial of Service Vulnerability
CVE-2024-43565 | High | 7.5 | - | 2024-10-08 | Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2024-43562 | High | 7.5 | - | 2024-10-08 | Windows Network Address Translation (NAT) Denial of Service Vulnerability
CVE-2024-43545 | High | 7.5 | - | 2024-10-08 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
CVE-2024-43544 | High | 7.5 | - | 2024-10-08 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability
CVE-2024-43541 | High | 7.5 | - | 2024-10-08 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability
CVE-2024-43521 | High | 7.5 | - | 2024-10-08 | Windows Hyper-V Denial of Service Vulnerability
CVE-2024-43515 | High | 7.5 | - | 2024-10-08 | Internet Small Computer Systems Interface (iSCSI) Denial of Service Vulnerability
CVE-2024-43506 | High | 7.5 | - | 2024-10-08 | BranchCache Denial of Service Vulnerability
CVE-2024-43485 | High | 7.5 | - | 2024-10-08 | .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-43484 | High | 7.5 | - | 2024-10-08 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2024-43483 | High | 7.5 | - | 2024-10-08 | .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2024-38262 | High | 7.5 | - | 2024-10-08 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-38149 | High | 7.5 | - | 2024-10-08 | BranchCache Denial of Service Vulnerability
CVE-2024-38129 | High | 7.5 | - | 2024-10-08 | Windows Kerberos Elevation of Privilege Vulnerability
CVE-2024-38029 | High | 7.5 | - | 2024-10-08 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
CVE-2024-43610 | High | 7.4 | - | 2024-10-09 | Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through network attack vector.
CVE-2024-43553 | High | 7.4 | - | 2024-10-08 | NT OS Kernel Elevation of Privilege Vulnerability
CVE-2024-43550 | High | 7.4 | - | 2024-10-08 | Windows Secure Channel Spoofing Vulnerability
CVE-2024-43552 | High | 7.3 | - | 2024-10-08 | Windows Shell Remote Code Execution Vulnerability
CVE-2024-43529 | High | 7.3 | - | 2024-10-08 | Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2024-43615 | High | 7.1 | - | 2024-10-08 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
CVE-2024-43581 | High | 7.1 | - | 2024-10-08 | Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
CVE-2024-43502 | High | 7.1 | - | 2024-10-08 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-38097 | High | 7.1 | - | 2024-10-08 | Azure Monitor Agent Elevation of Privilege Vulnerability
CVE-2024-20659 | High | 7.1 | - | 2024-10-08 | Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2024-43535 | High | 7.0 | - | 2024-10-08 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-43522 | High | 7.0 | - | 2024-10-08 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
CVE-2024-43511 | High | 7.0 | - | 2024-10-08 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-43612 | Medium | 6.9 | - | 2024-10-08 | Power BI Report Server Spoofing Vulnerability
CVE-2024-43543 | Medium | 6.8 | - | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-43536 | Medium | 6.8 | - | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-43526 | Medium | 6.8 | - | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-43525 | Medium | 6.8 | - | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-43524 | Medium | 6.8 | - | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-43523 | Medium | 6.8 | - | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-37983 | Medium | 6.7 | - | 2024-10-08 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
CVE-2024-37982 | Medium | 6.7 | - | 2024-10-08 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
CVE-2024-37979 | Medium | 6.7 | - | 2024-10-08 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-37976 | Medium | 6.7 | - | 2024-10-08 | Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
CVE-2024-43480 | Medium | 6.6 | - | 2024-10-08 | Azure Service Fabric for Linux Remote Code Execution Vulnerability
CVE-2024-43609 | Medium | 6.5 | - | 2024-10-08 | Microsoft Office Spoofing Vulnerability
CVE-2024-43573 | Medium | 6.5 | KEV | 2024-10-08 | Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-43561 | Medium | 6.5 | - | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability
CVE-2024-43559 | Medium | 6.5 | - | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability
CVE-2024-43558 | Medium | 6.5 | - | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability
CVE-2024-43557 | Medium | 6.5 | - | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability
CVE-2024-43555 | Medium | 6.5 | - | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability
CVE-2024-43547 | Medium | 6.5 | - | 2024-10-08 | Windows Kerberos Information Disclosure Vulnerability
CVE-2024-43542 | Medium | 6.5 | - | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability
CVE-2024-43540 | Medium | 6.5 | - | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability
CVE-2024-43538 | Medium | 6.5 | - | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability
CVE-2024-43537 | Medium | 6.5 | - | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability
CVE-2024-43534 | Medium | 6.5 | - | 2024-10-08 | Windows Graphics Component Information Disclosure Vulnerability
CVE-2024-43512 | Medium | 6.5 | - | 2024-10-08 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability
CVE-2024-43481 | Medium | 6.5 | - | 2024-10-08 | Power BI Report Server Spoofing Vulnerability
CVE-2024-43570 | Medium | 6.4 | - | 2024-10-08 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-43513 | Medium | 6.4 | - | 2024-10-08 | BitLocker Security Feature Bypass Vulnerability
CVE-2024-43604 | Medium | 5.7 | - | 2024-10-08 | Outlook for Android Elevation of Privilege Vulnerability
CVE-2024-43571 | Medium | 5.6 | - | 2024-10-08 | Sudo for Windows Spoofing Vulnerability
CVE-2024-43546 | Medium | 5.6 | - | 2024-10-08 | Windows Cryptographic Information Disclosure Vulnerability
CVE-2024-9469 | Medium | 5.5 | - | 2024-10-09 | A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows non-administrative privileges to disable the agent.
CVE-2024-47420 | Medium | 5.5 | - | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-47419 | Medium | 5.5 | - | 2024-10-09 | Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-43614 | Medium | 5.5 | - | 2024-10-08 | Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally.
CVE-2024-43603 | Medium | 5.5 | - | 2024-10-08 | Visual Studio Collector Service Denial of Service Vulnerability
CVE-2024-43585 | Medium | 5.5 | - | 2024-10-08 | Code Integrity Guard Security Feature Bypass Vulnerability
CVE-2024-43554 | Medium | 5.5 | - | 2024-10-08 | Windows Kernel-Mode Driver Information Disclosure Vulnerability
CVE-2024-43508 | Medium | 5.5 | - | 2024-10-08 | Windows Graphics Component Information Disclosure Vulnerability
CVE-2024-43500 | Medium | 5.5 | - | 2024-10-08 | Windows Resilient File System (ReFS) Information Disclosure Vulnerability
CVE-2024-43520 | Medium | 5.0 | - | 2024-10-08 | Windows Kernel Denial of Service Vulnerability
CVE-2024-43456 | Medium | 4.8 | - | 2024-10-08 | Windows Remote Desktop Services Tampering Vulnerability

Other vendors (572 CVEs across 175 vendors)

N/a · 82 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-48784 | Critical | 9.8 | - | 2024-10-11 | An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-46532 | Critical | 9.8 | - | 2024-10-11 | SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component.
CVE-2024-46088 | Critical | 9.8 | - | 2024-10-11 | An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-42640 | Critical | 9.8 | - | 2024-10-11 | angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php.
CVE-2024-21534 | Critical | 9.8 | - | 2024-10-11 | All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization.
CVE-2024-45746 | Critical | 9.8 | - | 2024-10-09 | An issue was discovered in Trusted Firmware-M through 2.1.0.
CVE-2024-25825 | Critical | 9.8 | - | 2024-10-09 | FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard.
CVE-2024-45918 | Critical | 9.8 | - | 2024-10-08 | Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 is vulnerable to SQL Injection via /client/get_gis_fence.php.
CVE-2024-44349 | Critical | 9.8 | - | 2024-10-08 | A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB.
CVE-2024-45874 | Critical | 9.8 | - | 2024-10-07 | A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe.
CVE-2024-45873 | Critical | 9.8 | - | 2024-10-07 | A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe.
CVE-2024-46076 | Critical | 9.8 | - | 2024-10-07 | RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code.
CVE-2024-48772 | Critical | 9.1 | - | 2024-10-11 | An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-48787 | Critical | 9.1 | - | 2024-10-11 | An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-48786 | Critical | 9.1 | - | 2024-10-11 | An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-48778 | Critical | 9.1 | - | 2024-10-11 | An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-48769 | Critical | 9.1 | - | 2024-10-11 | An issue in BURG-WÄCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-44730 | Critical | 9.1 | - | 2024-10-11 | Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name.
CVE-2023-46586 | Critical | 9.1 | - | 2024-10-09 | cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.
CVE-2024-45160 | Critical | 9.1 | - | 2024-10-09 | Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret).
CVE-2024-44414 | High | 8.8 | - | 2024-10-11 | A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical.
CVE-2024-44413 | High | 8.8 | - | 2024-10-11 | A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical.
CVE-2024-48827 | High | 8.8 | - | 2024-10-11 | An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function.
CVE-2024-48813 | High | 8.8 | - | 2024-10-11 | SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote attacker to execute arbitrary code via the admin_id parameter of the /update-employee.php component.
CVE-2024-46041 | High | 8.8 | - | 2024-10-07 | IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay.
CVE-2024-35522 | High | 8.4 | - | 2024-10-11 | Netgear EX3700 - AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set to NotNone.
CVE-2024-35517 | High | 8.4 | - | 2024-10-11 | Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter.
CVE-2023-37154 | High | 8.4 | - | 2024-10-09 | check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with ${IFS}.
CVE-2024-46278 | High | 8.4 | - | 2024-10-07 | Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.
CVE-2024-48770 | High | 8.2 | - | 2024-10-11 | An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-46539 | High | 8.2 | - | 2024-10-08 | Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS).
CVE-2024-44068 | High | 8.1 | - | 2024-10-07 | An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920.
CVE-2024-45880 | High | 8.0 | - | 2024-10-08 | A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below.
CVE-2024-35288 | High | 7.8 | - | 2024-10-09 | Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode.
CVE-2024-42018 | High | 7.7 | - | 2024-10-11 | An issue was discovered in Atos Eviden SMC xScale before 1.6.6.
CVE-2024-48938 | High | 7.5 | - | 2024-10-11 | Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email.
CVE-2024-48788 | High | 7.5 | - | 2024-10-11 | An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-48777 | High | 7.5 | - | 2024-10-11 | LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-48776 | High | 7.5 | - | 2024-10-11 | An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-48775 | High | 7.5 | - | 2024-10-11 | An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-48774 | High | 7.5 | - | 2024-10-11 | An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-48773 | High | 7.5 | - | 2024-10-11 | An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-48771 | High | 7.5 | - | 2024-10-11 | An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-48768 | High | 7.5 | - | 2024-10-11 | An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-44734 | High | 7.5 | - | 2024-10-11 | Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server.
CVE-2024-44729 | High | 7.5 | - | 2024-10-11 | Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting.
CVE-2024-46307 | High | 7.5 | - | 2024-10-09 | A loophole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products.
CVE-2024-46304 | High | 7.5 | - | 2024-10-09 | A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c.
CVE-2024-46292 | High | 7.5 | - | 2024-10-09 | A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter.
CVE-2024-25885 | High | 7.5 | - | 2024-10-08 | An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string.
CVE-2024-21532 | High | 7.3 | - | 2024-10-08 | All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed…
CVE-2024-45754 | High | 7.2 | - | 2024-10-11 | An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.04.3, 23.10.x before 23.10.8, 23.04.x before 23.04.11, and 22.10.x before 22.10.11.
CVE-2024-47191 | High | 7.1 | - | 2024-10-09 | pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.
CVE-2024-38818 | Medium | 6.7 | - | 2024-10-09 | VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned.
CVE-2024-38817 | Medium | 6.7 | - | 2024-10-09 | VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.
CVE-2024-48987 | Medium | 6.6 | - | 2024-10-11 | Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY.
CVE-2024-45933 | Medium | 6.6 | - | 2024-10-07 | OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint.
CVE-2024-46215 | Medium | 6.5 | - | 2024-10-11 | A vulnerability was discovered in KM08-708H-v1.1. There is a buffer overflow in the sub_445BDC() function within the /usr/sbin/goahead program; the strcpy function is executed without checking the length of the string, leading to a buffer…
CVE-2024-44415 | Medium | 6.5 | - | 2024-10-11 | A vulnerability was discovered in DI_8200-16.07.26A1. There is a buffer overflow in the dbsrv_asp function; the strcpy function is executed without checking the length of the string, leading to a buffer overflow.
CVE-2023-45872 | Medium | 6.5 | - | 2024-10-09 | An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1.
CVE-2023-45359 | Medium | 6.5 | - | 2024-10-09 | An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1.
CVE-2024-21533 | Medium | 6.5 | - | 2024-10-08 | All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to.
CVE-2024-45919 | Medium | 6.5 | - | 2024-10-07 | A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges.
CVE-2024-46040 | Medium | 6.5 | - | 2024-10-07 | IoT Haat Smart Plug IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration.
CVE-2024-45184 | Medium | 6.2 | - | 2024-10-11 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300.
CVE-2024-48937 | Medium | 6.1 | - | 2024-10-11 | Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS.
CVE-2023-45361 | Medium | 6.1 | - | 2024-10-09 | An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1.
CVE-2024-42831 | Medium | 6.1 | - | 2024-10-07 | A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter…
CVE-2024-48942 | Medium | 5.9 | - | 2024-10-10 | The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint.
CVE-2024-46325 | Medium | 5.5 | - | 2024-10-07 | TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url.
CVE-2024-48941 | Medium | 5.4 | - | 2024-10-10 | The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket.
CVE-2024-46237 | Medium | 5.4 | - | 2024-10-09 | PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php.
CVE-2024-44807 | Medium | 5.3 | - | 2024-10-11 | A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD.
CVE-2024-42934 | Medium | 5.0 | - | 2024-10-09 | OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution.
CVE-2024-36814 | Medium | 4.9 | - | 2024-10-08 | An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory.
CVE-2024-46410 | Medium | 4.8 | - | 2024-10-08 | PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Management feature.
CVE-2024-45932 | Medium | 4.8 | - | 2024-10-07 | Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2.
CVE-2024-44731 | Medium | 4.7 | - | 2024-10-11 | Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections.
CVE-2024-38815 | Medium | 4.3 | - | 2024-10-09 | VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure.
CVE-2024-42988 | Medium | 4.3 | - | 2024-10-09 | Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility setting…
CVE-2023-36325 | Low | 3.7 | - | 2024-10-09 | i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior…
CVE-2024-27457 | Low | 2.5 | - | 2024-10-08 | Improper check for unusual or exceptional conditions in Intel(R) TDX Module firmware before version 1.5.06 may allow a privileged user to potentially enable information disclosure via local access.

Juniper · 28 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47490 | High | 8.2 | | 2024-10-11 | An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause i… |
| CVE-2024-47504 | High | 7.5 | | 2024-10-11 | An Improper Validation of Specified Type of Input vulnerability in the packet forwarding engine (pfe) Juniper Networks Junos OS on SRX5000 Series allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). |
| CVE-2024-47502 | High | 7.5 | | 2024-10-11 | An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). |
| CVE-2024-47499 | High | 7.5 | | 2024-10-11 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (Do… |
| CVE-2024-47497 | High | 7.5 | | 2024-10-11 | An Uncontrolled Resource Consumption vulnerability in the http daemon (httpd) of Juniper Networks Junos OS on SRX Series, QFX Series, MX Series and EX Series allows an unauthenticated, network-based attacker to cause Denial-of-Service (DoS… |
| CVE-2024-39547 | High | 7.5 | | 2024-10-11 | An Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD allows an unauthenticated network-based attacker sending crafted TCP traffic to the routing engine… |
| CVE-2024-39525 | High | 7.5 | | 2024-10-09 | An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specific BGP packet to cause rpd… |
| CVE-2024-39516 | High | 7.5 | | 2024-10-09 | An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to cra… |
| CVE-2024-39515 | High | 7.5 | | 2024-10-09 | An Improper Validation of Consistency within Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP p… |
| CVE-2024-39563 | High | 7.3 | | 2024-10-11 | A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote com… |
| CVE-2024-47495 | Medium | 6.7 | | 2024-10-11 | An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved… |
| CVE-2024-47509 | Medium | 6.5 | | 2024-10-11 | An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial… |
| CVE-2024-47508 | Medium | 6.5 | | 2024-10-11 | An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial… |
| CVE-2024-47505 | Medium | 6.5 | | 2024-10-11 | An Allocation of Resources Without Limits or Throttling vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an authenticated, network-based attacker to cause an FPC crash leading to a Denial… |
| CVE-2024-47503 | Medium | 6.5 | | 2024-10-11 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an unauthenticated and logically adjacent attacker to cause a Den… |
| CVE-2024-47498 | Medium | 6.5 | | 2024-10-11 | An Unimplemented or Unsupported Feature in UI vulnerability in the CLI of Juniper Networks Junos OS Evolved on QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). |
| CVE-2024-47493 | Medium | 6.5 | | 2024-10-11 | A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause… |
| CVE-2024-39526 | Medium | 6.5 | | 2024-10-11 | An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series with MPC10/MPC11/LC9600 line cards, EX9200 with EX9200-15C line cards, MX304 devices, and Juniper Networks Junos O… |
| CVE-2024-47506 | Medium | 5.9 | | 2024-10-11 | A Deadlock vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). |
| CVE-2024-47494 | Medium | 5.9 | | 2024-10-11 | A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the AgentD process of Juniper Networks Junos OS allows an attacker who is already causing impact to established sessions which generates counter changes picked up by the… |
| CVE-2024-47491 | Medium | 5.9 | | 2024-10-11 | An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). |
| CVE-2024-47507 | Medium | 5.8 | | 2024-10-11 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an integrity impact to… |
| CVE-2024-47489 | Medium | 5.8 | | 2024-10-11 | An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit pr… |
| CVE-2024-47501 | Medium | 5.5 | | 2024-10-11 | A NULL Pointer Dereference vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C allows a locally authenticated attacker with low privileges to caus… |
| CVE-2024-47496 | Medium | 5.5 | | 2024-10-11 | A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). |
| CVE-2024-39527 | Medium | 5.5 | | 2024-10-11 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the… |
| CVE-2024-39534 | Medium | 5.4 | | 2024-10-11 | An Incorrect Comparison vulnerability in the local address verification API of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker to create sessions or send traffic to the device using the network and bro… |
| CVE-2024-39544 | Medium | 5.0 | | 2024-10-11 | An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive inform… |

Siemens · 28 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47553 | Critical | 9.9 | | 2024-10-08 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). |
| CVE-2024-41798 | Critical | 9.8 | | 2024-10-08 | A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). |
| CVE-2024-47562 | High | 8.8 | | 2024-10-08 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). |
| CVE-2023-52952 | High | 8.5 | | 2024-10-08 | A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 18 pro (J31032-K2017-H260) (A… |
| CVE-2024-47046 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). |
| CVE-2024-45475 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
| CVE-2024-45474 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
| CVE-2024-45473 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
| CVE-2024-45472 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
| CVE-2024-45471 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
| CVE-2024-45470 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
| CVE-2024-45469 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
| CVE-2024-45468 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
| CVE-2024-45467 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
| CVE-2024-45466 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
| CVE-2024-45465 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
| CVE-2024-45464 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
| CVE-2024-45463 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |
| CVE-2024-41981 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). |
| CVE-2024-41902 | High | 7.8 | | 2024-10-08 | A vulnerability has been identified in JT2Go (All versions < V2406.0003). |
| CVE-2024-47196 | Medium | 6.7 | | 2024-10-08 | A vulnerability has been identified in ModelSim (All versions < V2025.2), Questa (All versions < V2025.2). |
| CVE-2024-47195 | Medium | 6.7 | | 2024-10-08 | A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). |
| CVE-2024-47194 | Medium | 6.7 | | 2024-10-08 | A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). |
| CVE-2024-47563 | Medium | 5.3 | | 2024-10-08 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). |
| CVE-2024-46887 | Medium | 5.3 | | 2024-10-08 | The web server of affected devices does not properly authenticate user requests to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. |
| CVE-2024-46886 | Medium | 4.7 | | 2024-10-08 | The web server of affected devices does not properly validate input that is used for a user redirection. |
| CVE-2024-47565 | Medium | 4.3 | | 2024-10-08 | A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). |
| CVE-2024-45476 | Low | 3.3 | | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Sim… |

Adobe · 25 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-45115 | Critical | 9.8 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. |
| CVE-2024-45148 | High | 8.8 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. |
| CVE-2024-45116 | High | 8.1 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. |
| CVE-2024-45117 | High | 7.6 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. |
| CVE-2024-45132 | Medium | 6.5 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. |
| CVE-2024-45118 | Medium | 6.5 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
| CVE-2024-45123 | Medium | 6.1 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. |
| CVE-2024-45145 | Medium | 5.5 | | 2024-10-09 | Lightroom Desktop versions 7.4.1, 13.5, 12.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-20787 | Medium | 5.5 | | 2024-10-09 | Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. |
| CVE-2024-45131 | Medium | 5.4 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
| CVE-2024-45128 | Medium | 5.4 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. |
| CVE-2024-45153 | Medium | 5.4 | | 2024-10-07 | Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. |
| CVE-2024-45124 | Medium | 5.3 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
| CVE-2024-45119 | Medium | 4.9 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. |
| CVE-2024-45127 | Medium | 4.8 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. |
| CVE-2024-45130 | Medium | 4.3 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
| CVE-2024-45129 | Medium | 4.3 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. |
| CVE-2024-45125 | Medium | 4.3 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. |
| CVE-2024-45122 | Medium | 4.3 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
| CVE-2024-45121 | Medium | 4.3 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
| CVE-2024-45120 | Low | 3.1 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. |
| CVE-2024-45149 | Low | 2.7 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
| CVE-2024-45135 | Low | 2.7 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. |
| CVE-2024-45134 | Low | 2.7 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. |
| CVE-2024-45133 | Low | 2.7 | | 2024-10-10 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. |

Google · 24 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-20103 | Critical | 9.8 | | 2024-10-07 | In wlan firmware, there is a possible out of bounds write due to improper input validation. |
| CVE-2024-20101 | Critical | 9.8 | | 2024-10-07 | In wlan driver, there is a possible out of bounds write due to improper input validation. |
| CVE-2024-20100 | Critical | 9.8 | | 2024-10-07 | In wlan driver, there is a possible out of bounds write due to improper input validation. |
| CVE-2024-9859 | High | 8.8 | | 2024-10-11 | Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. |
| CVE-2024-9603 | High | 8.8 | | 2024-10-08 | Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2024-9602 | High | 8.8 | | 2024-10-08 | Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
| CVE-2024-20092 | High | 7.8 | | 2024-10-07 | In vdec, there is a possible out of bounds write due to a missing bounds check. |
| CVE-2024-8912 | High | 7.5 | | 2024-10-11 | An HTTP Request Smuggling vulnerability in Looker allowed an unauthorized attacker to capture HTTP responses destined for legitimate users. |
| CVE-2024-20099 | Medium | 6.7 | | 2024-10-07 | In power, there is a possible out of bounds write due to a missing bounds check. |
| CVE-2024-20098 | Medium | 6.7 | | 2024-10-07 | In power, there is a possible out of bounds write due to a missing bounds check. |
| CVE-2024-20090 | Medium | 6.7 | | 2024-10-07 | In vdec, there is a possible out of bounds write due to a missing bounds check. |
| CVE-2024-39438 | Medium | 6.5 | | 2024-10-09 | In linkturbonative service, there is a possible command injection due to improper input validation. |
| CVE-2024-39437 | Medium | 6.5 | | 2024-10-09 | In linkturbonative service, there is a possible command injection due to improper input validation. |
| CVE-2024-39436 | Medium | 6.5 | | 2024-10-09 | In linkturbonative service, there is a possible command injection due to improper input validation. |
| CVE-2024-39440 | Medium | 6.2 | | 2024-10-09 | In DRM service, there is a possible system crash due to null pointer dereference. |
| CVE-2024-39439 | Medium | 6.2 | | 2024-10-09 | In DRM service, there is a possible out of bounds write due to a missing bounds check. |
| CVE-2024-34663 | Medium | 5.3 | | 2024-10-08 | Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory. |
| CVE-2024-20102 | Medium | 4.9 | | 2024-10-07 | In wlan driver, there is a possible out of bounds read due to improper input validation. |
| CVE-2024-20097 | Medium | 4.4 | | 2024-10-07 | In vdec, there is a possible out of bounds read due to a missing bounds check. |
| CVE-2024-20096 | Medium | 4.4 | | 2024-10-07 | In m4u, there is a possible out of bounds read due to a missing bounds check. |
| CVE-2024-20095 | Medium | 4.4 | | 2024-10-07 | In m4u, there is a possible out of bounds read due to a missing bounds check. |
| CVE-2024-20093 | Medium | 4.4 | | 2024-10-07 | In vdec, there is a possible out of bounds read due to a missing bounds check. |
| CVE-2024-20091 | Medium | 4.4 | | 2024-10-07 | In vdec, there is a possible out of bounds read due to a missing bounds check. |
| CVE-2024-34664 | Medium | 4.1 | | 2024-10-08 | Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment. |

Qualcomm · 20 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-33066 | Critical | 9.8 | | 2024-10-07 | Memory corruption while redirecting log file to any file location with any file name. |
| CVE-2024-38399 | High | 8.4 | | 2024-10-07 | Memory corruption while processing user packets to generate page faults. |
| CVE-2024-33065 | High | 8.4 | | 2024-10-07 | Memory corruption while taking snapshot when an offset variable is set by camera driver. |
| CVE-2024-33073 | High | 8.2 | | 2024-10-07 | Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. |
| CVE-2024-33064 | High | 8.2 | | 2024-10-07 | Information disclosure while parsing the multiple MBSSID IEs from the beacon. |
| CVE-2024-43047 | High | 7.8 | KEV | 2024-10-07 | Memory corruption while maintaining memory maps of HLOS memory. |
| CVE-2024-23369 | High | 7.8 | | 2024-10-07 | Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. |
| CVE-2024-21455 | High | 7.8 | | 2024-10-07 | Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. |
| CVE-2024-38397 | High | 7.5 | | 2024-10-07 | Transient DOS while parsing probe response and assoc response frame. |
| CVE-2024-33071 | High | 7.5 | | 2024-10-07 | Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0. |
| CVE-2024-33070 | High | 7.5 | | 2024-10-07 | Transient DOS while parsing ESP IE from beacon/probe response frame. |
| CVE-2024-33069 | High | 7.5 | | 2024-10-07 | Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. |
| CVE-2024-33049 | High | 7.5 | | 2024-10-07 | Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. |
| CVE-2024-23379 | Medium | 6.7 | | 2024-10-07 | Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario. |
| CVE-2024-23378 | Medium | 6.7 | | 2024-10-07 | Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. |
| CVE-2024-23376 | Medium | 6.7 | | 2024-10-07 | Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. |
| CVE-2024-23375 | Medium | 6.7 | | 2024-10-07 | Memory corruption during the network scan request. |
| CVE-2024-23374 | Medium | 6.7 | | 2024-10-07 | Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. |
| CVE-2024-23370 | Medium | 6.7 | | 2024-10-07 | Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. |
| CVE-2024-38425 | Medium | 6.1 | | 2024-10-07 | Information disclosure while sending implicit broadcast containing APP launch information. |

Linux · 16 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47659 | High | 8.8 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4… |
| CVE-2024-47670 | High | 7.8 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_xattr_find_entry() Add a paranoia check to make sure it doesn't stray beyond valid memory region containing ocfs2 xattr entries when… |
| CVE-2024-47673 | Medium | 5.5 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped Not doing so will make us send a host command to the transport while the firmware is not alive, which will tri… |
| CVE-2024-47671 | Medium | 5.5 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields. |
| CVE-2024-47669 | Medium | 5.5 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix state management in error path of log writing function After commit a694291a6211 ("nilfs2: separate wait function from nilfs_segctor_write") was applied, the… |
| CVE-2024-47667 | Medium | 5.5 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Errata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0 (SPRZ452D_July 2018_Revised December 2019 [… |
| CVE-2024-47666 | Medium | 5.5 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy->enable_completion only when we wait for it pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RES… |
| CVE-2024-47665 | Medium | 5.5 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Definitely condition dma_get_cache_alignment * defined value > 256 during driver initialization is not… |
| CVE-2024-47664 | Medium | 5.5 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware If the value of max_speed_hz is 0, it may cause a division by zero error in hisi_calc_… |
| CVE-2024-47663 | Medium | 5.5 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834_write_frequency() clk_get_rate() can return 0. |
| CVE-2024-47662 | Medium | 5.5 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection [Why] These registers should not be read from driver and triggering the security violation when D… |
| CVE-2024-47661 | Medium | 5.5 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid overflow from uint32_t to uint8_t [WHAT & HOW] dmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned 0xFFFF. |
| CVE-2024-47658 | Medium | 5.5 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp - call finalize with bh disabled The finalize operation in interrupt mode produces a spinlock recursion warning. |
| CVE-2024-47668 | Medium | 4.7 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and then race with another thread that incr… |
| CVE-2024-47660 | Medium | 4.7 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. |
| CVE-2024-46870 | Medium | 4.7 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable DMCUB timeout for DCN35 [Why] DMCUB can intermittently take longer than expected to process commands. |

D-Link · 14 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9786 | High | 8.8 | | 2024-10-10 | A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. |
| CVE-2024-9785 | High | 8.8 | | 2024-10-10 | A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. |
| CVE-2024-9784 | High | 8.8 | | 2024-10-10 | A vulnerability classified as critical has been found in D-Link DIR-619L B1 2.06. |
| CVE-2024-9783 | High | 8.8 | | 2024-10-10 | A vulnerability was found in D-Link DIR-619L B1 2.06. |
| CVE-2024-9782 | High | 8.8 | | 2024-10-10 | A vulnerability was found in D-Link DIR-619L B1 2.06. |
| CVE-2024-9570 | High | 8.8 | | 2024-10-07 | A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. |
| CVE-2024-9569 | High | 8.8 | | 2024-10-07 | A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. |
| CVE-2024-9568 | High | 8.8 | | 2024-10-07 | A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. |
| CVE-2024-9567 | High | 8.8 | | 2024-10-07 | A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. |
| CVE-2024-9566 | High | 8.8 | | 2024-10-07 | A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. |
| CVE-2024-9565 | High | 8.8 | | 2024-10-07 | A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. |
| CVE-2024-9564 | High | 8.8 | | 2024-10-07 | A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. |
| CVE-2024-9563 | High | 8.8 | | 2024-10-07 | A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. |
| CVE-2024-9792 | Low | 2.4 | | 2024-10-10 | A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. |

Gradio-app · 12 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47167 | Critical | 9.8 | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
| CVE-2024-47871 | Critical | 9.1 | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
| CVE-2024-47084 | High | 8.3 | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
| CVE-2024-47870 | High | 8.1 | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
| CVE-2024-47868 | High | 7.5 | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
| CVE-2024-47867 | High | 7.5 | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
| CVE-2024-47164 | Medium | 6.5 | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
| CVE-2024-47872 | Medium | 5.4 | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
| CVE-2024-47165 | Medium | 5.4 | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
| CVE-2024-47166 | Medium | 5.3 | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
| CVE-2024-47168 | Medium | 4.3 | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |
| CVE-2024-47869 | Low | 3.7 | | 2024-10-10 | Gradio is an open-source Python package designed for quick prototyping. |

Lenovo · 11 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9046 | High | 7.8 | | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-4132 | High | 7.8 | | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-4131 | High | 7.8 | | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-4130 | High | 7.8 | | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-4089 | High | 7.8 | | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-33582 | High | 7.8 | | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-33581 | High | 7.8 | | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-33580 | High | 7.8 | | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-33579 | High | 7.8 | | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-33578 | High | 7.8 | | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-5474 | Medium | 5.5 | | 2024-10-11 | A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the system with elevated privileges durin… |

Ivanti · 10 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-7612 | High | 8.8 | | 2024-10-08 | Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components. |
| CVE-2024-9167 | High | 7.8 | | 2024-10-08 | Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allow a local authenticated attacker to achieve local privilege escalation. |
| CVE-2024-47011 | High | 7.5 | | 2024-10-08 | Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. |
| CVE-2024-47008 | High | 7.5 | | 2024-10-08 | Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. |
| CVE-2024-47007 | High | 7.5 | | 2024-10-08 | A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-47010 | High | 7.3 | | 2024-10-08 | Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. |
| CVE-2024-47009 | High | 7.3 | | 2024-10-08 | Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. |
| CVE-2024-9381 | High | 7.2 | | 2024-10-08 | Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. |
| CVE-2024-9380 | High | 7.2 | KEV | 2024-10-08 | An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. |
| CVE-2024-9379 | Medium | 6.5 | KEV | 2024-10-08 | SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. |

Palo Alto Networks · 9 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9465 | Critical | 9.1 | KEV | 2024-10-09 | An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. |
| CVE-2024-9473 | High | 7.8 | | 2024-10-09 | A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM through the use of the repair fu… |
| CVE-2024-9468 | High | 7.5 | | 2024-10-09 | A memory corruption vulnerability in Palo Alto Networks PAN-OS software allows an unauthenticated attacker to crash PAN-OS due to a crafted packet through the data plane, resulting in a denial of service (DoS) condition. |
| CVE-2024-9463 | High | 7.5 | KEV | 2024-10-09 | An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations… |
| CVE-2024-9466 | Medium | 6.5 | | 2024-10-09 | A cleartext storage of sensitive information vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials. |
| CVE-2024-9464 | Medium | 6.5 | | 2024-10-09 | An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, a… |
| CVE-2024-9467 | Medium | 6.1 | | 2024-10-09 | A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that c… |
| CVE-2024-9471 | Medium | 4.7 | | 2024-10-09 | A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privile… |
| CVE-2024-9470 | | | | 2024-10-09 | A vulnerability in Cortex XSOAR allows the disclosure of incident data to users who do not have the privilege to view the data. |

Samsung · 9 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-34669 | High | 7.5 | | 2024-10-08 | Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. |
| CVE-2024-34668 | High | 7.5 | | 2024-10-08 | Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. |
| CVE-2024-34667 | High | 7.5 | | 2024-10-08 | Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. |
| CVE-2024-34666 | High | 7.5 | | 2024-10-08 | Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. |
| CVE-2024-34665 | High | 7.5 | | 2024-10-08 | Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. |
| CVE-2024-34662 | Medium | 6.2 | | 2024-10-08 | Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors. |
| CVE-2024-34672 | Medium | 5.5 | | 2024-10-08 | Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video files of other users. |
| CVE-2024-34670 | Medium | 4.0 | | 2024-10-08 | Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information. |
| CVE-2024-34671 | Low | 3.3 | | 2024-10-08 | Use of implicit intent for sensitive communication in translation in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. |

Solidigm · 9 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47975 | High | 7.0 | | 2024-10-07 | Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service. |
| CVE-2024-47976 | Medium | 6.7 | | 2024-10-07 | Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access. |
| CVE-2024-47971 | Medium | 6.5 | | 2024-10-07 | Improper error handling in firmware of some SSD DC Products may allow an attacker to enable denial of service. |
| CVE-2024-47969 | Medium | 6.2 | | 2024-10-07 | Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. |
| CVE-2024-47973 | Medium | 5.1 | | 2024-10-07 | In some Solidigm DC Products, a defect in device overprovisioning may provide information disclosure to an attacker. |
| CVE-2024-47968 | Medium | 4.4 | | 2024-10-07 | Improper resource shutdown in the middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service. |
| CVE-2024-47974 | Medium | 4.4 | | 2024-10-07 | Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service. |
| CVE-2024-47967 | Medium | 4.4 | | 2024-10-07 | Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. |
| CVE-2024-47972 | Medium | 4.0 | | 2024-10-07 | Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource. |

Progress · 8 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8015 | Critical | 9.1 | | 2024-10-09 | In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. |
| CVE-2024-8014 | High | 8.8 | | 2024-10-09 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. |
| CVE-2024-8755 | High | 8.4 | | 2024-10-11 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects: Product: LoadMaster; Affected Versions: from 7.2.55.0 to 7.2.60.1 (inclusive) … |
| CVE-2024-8048 | High | 7.8 | | 2024-10-09 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. |
| CVE-2024-7840 | High | 7.8 | | 2024-10-09 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. |
| CVE-2024-7294 | High | 7.5 | | 2024-10-09 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. |
| CVE-2024-7293 | High | 7.5 | | 2024-10-09 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. |
| CVE-2024-7292 | High | 7.5 | | 2024-10-09 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts. |

Gitlab · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9164 | Critical | 9.6 | | 2024-10-11 | An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches. |
| CVE-2024-8970 | High | 8.2 | | 2024-10-11 | An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user u… |
| CVE-2024-8977 | High | 8.2 | | 2024-10-10 | An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. |
| CVE-2024-6530 | High | 7.3 | | 2024-10-10 | A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 17.1 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2. |
| CVE-2024-9623 | Medium | 4.9 | | 2024-10-10 | An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository. |
| CVE-2024-5005 | Medium | 4.3 | | 2024-10-11 | An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, and all versions starting from 17.4 before 17.4.2. It was possible for guest users t… |
| CVE-2024-9596 | Low | 3.7 | | 2024-10-10 | An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. |

Schneider Electric · 7 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8884 | Critical | 9.8 | | 2024-10-08 | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when an attacker has access to the application on the network over HTTP. |
| CVE-2024-9002 | High | 7.8 | | 2024-10-11 | CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when a non-admin authenticated user tries to perform privilege escalati… |
| CVE-2024-8422 | High | 7.8 | | 2024-10-08 | CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when an application user opens a malicious Zelio Soft 2 project file. |
| CVE-2024-8531 | High | 7.2 | | 2024-10-11 | CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root. |
| CVE-2024-8530 | Medium | 5.9 | | 2024-10-11 | CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated "logcaptures" archive is accessed directly by HTTPS. |
| CVE-2024-8518 | Low | 3.3 | | 2024-10-08 | CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 application when a specially crafted project file is loaded by an application user. |
| CVE-2024-9005 | | | | 2024-10-08 | CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. |

Code-projects · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9812 | High | 7.3 | | 2024-10-10 | A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. |
| CVE-2024-9811 | High | 7.3 | | 2024-10-10 | A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. |
| CVE-2024-9797 | High | 7.3 | | 2024-10-10 | A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. |
| CVE-2024-9804 | Medium | 4.7 | | 2024-10-10 | A vulnerability was found in code-projects Blood Bank System 1.0. |
| CVE-2024-9805 | Low | 3.5 | | 2024-10-10 | A vulnerability was found in code-projects Blood Bank System 1.0. |
| CVE-2024-9803 | Low | 3.5 | | 2024-10-10 | A vulnerability was found in code-projects Blood Bank Management System 1.0. |

Jetbrains · 6 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-48902 | Medium | 5.4 | | 2024-10-10 | In JetBrains YouTrack before 2024.3.46677, improper access control allowed users with project update permission to delete applications via the API. |
| CVE-2024-47949 | Medium | 4.9 | | 2024-10-08 | In JetBrains TeamCity before 2024.07.3, path traversal allowed a backup file to be written to an arbitrary location. |
| CVE-2024-47948 | Medium | 4.9 | | 2024-10-08 | In JetBrains TeamCity before 2024.07.3, path traversal leading to information disclosure was possible via server backups. |
| CVE-2024-47161 | Medium | 4.3 | | 2024-10-08 | In JetBrains TeamCity before 2024.07.3, a password could be exposed via the Sonar runner REST API. |
| CVE-2024-47951 | Low | 3.5 | | 2024-10-08 | In JetBrains TeamCity before 2024.07.3, stored XSS was possible via server global settings. |
| CVE-2024-47950 | Low | 3.5 | | 2024-10-08 | In JetBrains TeamCity before 2024.07.3, stored XSS was possible in Backup configuration settings. |

Codezips · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9814 | High | 7.3 | | 2024-10-10 | A vulnerability, which was classified as critical, was found in Codezips Pharmacy Management System 1.0. |
| CVE-2024-9813 | High | 7.3 | | 2024-10-10 | A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0. |
| CVE-2024-9794 | Medium | 6.3 | | 2024-10-10 | A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. |
| CVE-2024-9816 | Medium | 4.7 | | 2024-10-10 | A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. |
| CVE-2024-9815 | Medium | 4.7 | | 2024-10-10 | A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. |

Delta Electronics · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47966 | High | 7.8 | | 2024-10-10 | Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. |
| CVE-2024-47965 | High | 7.8 | | 2024-10-10 | Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. |
| CVE-2024-47964 | High | 7.8 | | 2024-10-10 | Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. |
| CVE-2024-47963 | High | 7.8 | | 2024-10-10 | Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. |
| CVE-2024-47962 | High | 7.8 | | 2024-10-10 | Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. |

Dena · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-45402 | High | 8.6 | | 2024-10-11 | Picotls is a TLS protocol library that allows users to select different crypto backends based on their use case. |
| CVE-2024-45396 | High | 7.5 | | 2024-10-11 | Quicly is an IETF QUIC protocol implementation. |
| CVE-2024-45397 | Medium | 5.9 | | 2024-10-11 | h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. |
| CVE-2024-45403 | Low | 3.7 | | 2024-10-11 | h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. |
| CVE-2024-25622 | Low | 3.1 | | 2024-10-11 | h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. |

Discourse · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47773 | High | 8.2 | | 2024-10-08 | Discourse is an open source platform for community discussion. |
| CVE-2024-45051 | High | 8.2 | | 2024-10-07 | Discourse is an open source platform for community discussion. |
| CVE-2024-43789 | High | 7.5 | | 2024-10-07 | Discourse is an open source platform for community discussion. |
| CVE-2024-47772 | Medium | 6.5 | | 2024-10-07 | Discourse is an open source platform for community discussion. |
| CVE-2024-45297 | Medium | 5.3 | | 2024-10-07 | Discourse is an open source platform for community discussion. |

Miraheze · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47782 | High | 7.6 | | 2024-10-07 | WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. |
| CVE-2024-47816 | Medium | 6.4 | | 2024-10-09 | ImportDump is a MediaWiki extension designed to automate user import requests. |
| CVE-2024-47781 | Medium | 6.1 | | 2024-10-07 | CreateWiki is an extension used at Miraheze for requesting & creating wikis. |
| CVE-2024-47815 | Medium | 6.0 | | 2024-10-09 | IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. |
| CVE-2024-47812 | Medium | 6.0 | | 2024-10-09 | ImportDump is an extension for MediaWiki designed to automate user import requests. |

Open-webui · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-7037 | High | 7.2 | | 2024-10-09 | In version v0.3.8 of open-webui/open-webui, the endpoint /api/pipelines/upload is vulnerable to arbitrary file write and delete due to unsanitized file.filename concatenation with CACHE_DIR. |
| CVE-2024-7041 | Medium | 6.5 | | 2024-10-09 | An Insecure Direct Object Reference (IDOR) vulnerability exists in open-webui/open-webui version v0.3.8. |
| CVE-2024-7049 | Medium | 5.4 | | 2024-10-10 | In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. |
| CVE-2024-7048 | Medium | 5.4 | | 2024-10-10 | In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. |
| CVE-2024-7038 | Low | 2.7 | | 2024-10-09 | An information disclosure vulnerability exists in open-webui version 0.3.8. |

Openatom · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-39806 | Medium | 5.5 | | 2024-10-08 | In OpenHarmony v4.1.0 and prior versions, a local attacker can cause an information leak through an out-of-bounds read. |
| CVE-2024-39831 | Medium | 4.4 | | 2024-10-08 | In OpenHarmony v4.1.0, a local attacker with high privileges can achieve arbitrary code execution in pre-installed apps through a use after free. |
| CVE-2024-45382 | Low | 3.3 | | 2024-10-08 | In OpenHarmony v4.1.0 and prior versions, a local attacker can cause a DoS through an out-of-bounds write. |
| CVE-2024-43697 | Low | 3.3 | | 2024-10-08 | In OpenHarmony v4.1.0 and prior versions, a local attacker can cause a DoS through improper input. |
| CVE-2024-43696 | Low | 3.3 | | 2024-10-08 | In OpenHarmony v4.1.0 and prior versions, a local attacker can cause a DoS by memory leak. |

Phpoffice · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-45290 | High | 7.7 | | 2024-10-07 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. |
| CVE-2024-45293 | High | 7.5 | | 2024-10-07 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. |
| CVE-2024-45060 | High | 7.1 | | 2024-10-07 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. |
| CVE-2024-45291 | Medium | 6.3 | | 2024-10-07 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. |
| CVE-2024-45292 | Medium | 5.4 | | 2024-10-07 | PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. |

Red Hat · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3656 | High | 8.1 | | 2024-10-09 | A flaw was found in Keycloak. |
| CVE-2024-9671 | Medium | 5.3 | | 2024-10-09 | A vulnerability was found in 3Scale. |
| CVE-2024-9622 | Medium | 5.3 | | 2024-10-08 | A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. |
| CVE-2024-9621 | Medium | 5.3 | | 2024-10-08 | A vulnerability was found in Quarkus CXF. |
| CVE-2024-9620 | Medium | 5.3 | | 2024-10-08 | A flaw was found in Event-Driven Automation (EDA) in Ansible Automation Platform (AAP), which lacks encryption of sensitive information. |

Sap · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-37179 | High | 7.7 | | 2024-10-08 | SAP BusinessObjects Business Intelligence Platform allows an authenticated user to send a specially crafted request to the Web Intelligence Reporting Server to download any file from the machine hosting the service, causing high impact on… |
| CVE-2024-47594 | Medium | 5.4 | | 2024-10-08 | SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting vulnerability in the KMC servlet. |
| CVE-2024-45278 | Medium | 5.4 | | 2024-10-08 | SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. |
| CVE-2024-45282 | Medium | 4.3 | | 2024-10-08 | Fields which are in 'read only' state in Bank Statement Draft in the Manage Bank Statements application could be modified by the MERGE method. |
| CVE-2024-45277 | Medium | 4.3 | | 2024-10-08 | The SAP HANA Node.js client package versions from 2.0.0 before 2.21.31 are impacted by a Prototype Pollution vulnerability allowing an attacker to add arbitrary properties to global object prototypes. |

Xerox · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47557 | High | 8.3 | | 2024-10-07 | Pre-Auth RCE via Path Traversal |
| CVE-2024-47556 | High | 8.3 | | 2024-10-07 | Pre-Auth RCE via Path Traversal |
| CVE-2024-47555 | High | 8.3 | | 2024-10-07 | Missing Authentication - User & System Configuration |
| CVE-2024-47559 | High | 7.6 | | 2024-10-07 | Authenticated RCE via Path Traversal |
| CVE-2024-47558 | High | 7.6 | | 2024-10-07 | Authenticated RCE via Path Traversal |

Cacti · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-43362 | High | 7.3 | | 2024-10-07 | Cacti is an open source performance and fault management framework. |
| CVE-2024-43363 | High | 7.2 | | 2024-10-07 | Cacti is an open source performance and fault management framework. |
| CVE-2024-43365 | Medium | 5.7 | | 2024-10-07 | Cacti is an open source performance and fault management framework. |
| CVE-2024-43364 | Medium | 5.7 | | 2024-10-07 | Cacti is an open source performance and fault management framework. |

Php · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8926 | High | 8.1 | | 2024-10-08 | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 (https://github.com/advisories/GHSA-vxpp-6299-mxw3) may still… |
| CVE-2024-8927 | High | 7.5 | | 2024-10-08 | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, the HTTP_REDIRECT_STATUS variable is used to check whether or not the CGI binary is being run by the HTTP server. |
| CVE-2024-9026 | Low | 3.3 | | 2024-10-08 | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using the PHP-FPM SAPI and it is configured to catch workers' output through catch_workers_output = yes, it may be possible to pollute the final log or remove u… |
| CVE-2024-8925 | Low | 3.1 | | 2024-10-08 | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. |

Soplanning · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9574 | Critical | 9.8 | | 2024-10-07 | SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in… |
| CVE-2024-9573 | Medium | 6.3 | | 2024-10-07 | SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server. |
| CVE-2024-9572 | Medium | 6.3 | | 2024-10-07 | Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. |
| CVE-2024-9571 | Medium | 6.3 | | 2024-10-07 | Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. |

Lylme · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9790 | Medium | 4.7 | | 2024-10-10 | A vulnerability was found in LyLme_spage 1.9.5. |
| CVE-2024-9789 | Medium | 4.7 | | 2024-10-10 | A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. |
| CVE-2024-9788 | Medium | 4.7 | | 2024-10-10 | A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. |

Oretnom23 · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9818 | High | 7.3 | | 2024-10-10 | A vulnerability classified as critical has been found in SourceCodester Online Veterinary Appointment System 1.0. |
| CVE-2024-9809 | Medium | 6.3 | | 2024-10-10 | A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. |
| CVE-2024-9808 | Medium | 6.3 | | 2024-10-10 | A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. |

Redis · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-31449 | High | 7.0 | | 2024-10-07 | Redis is an open source, in-memory database that persists on disk. |
| CVE-2024-31228 | Medium | 5.5 | | 2024-10-07 | Redis is an open source, in-memory database that persists on disk. |
| CVE-2024-31227 | Medium | 4.4 | | 2024-10-07 | Redis is an open source, in-memory database that persists on disk. |

Rockwell Automation · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9124 | High | 7.5 | | 2024-10-08 | A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 600T. |
| CVE-2024-8626 | High | 7.5 | | 2024-10-08 | Due to a memory leak, a denial-of-service vulnerability exists in the Rockwell Automation affected products. |
| CVE-2024-9412 | | | | 2024-10-08 | An improper authorization vulnerability exists in the Rockwell Automation affected products that could allow an unauthorized user to sign in. |

Sonicwall · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-45316 | High | 7.8 | | 2024-10-11 | The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders and files, po… |
| CVE-2024-45317 | High | 7.5 | | 2024-10-11 | A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP… |
| CVE-2024-45315 | Medium | 5.5 | | 2024-10-11 | The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders and files, po… |

Userplus · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9518 | Critical | 9.8 | | 2024-10-10 | The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. |
| CVE-2024-9519 | High | 7.2 | | 2024-10-10 | The UserPlus plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'save_metabox_form' function in versions up to, and including, 2.0. |
| CVE-2024-9520 | Medium | 6.3 | | 2024-10-10 | The UserPlus plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.0. |

Wpcodefactory · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9232 | Medium | 6.1 | | 2024-10-11 | The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.1. |
| CVE-2024-9377 | Medium | 6.1 | | 2024-10-10 | The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, a… |
| CVE-2024-9205 | Medium | 6.1 | | 2024-10-10 | The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. |

07fly · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9855 | Medium | 4.7 | | 2024-10-11 | A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. |
| CVE-2024-9856 | Low | 2.4 | | 2024-10-11 | A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. |

Bytecodealliance · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47763 | Medium | 5.5 | | 2024-10-09 | Wasmtime is an open source runtime for WebAssembly. |
| CVE-2024-47813 | Low | 2.9 | | 2024-10-09 | Wasmtime is an open source runtime for WebAssembly. |

Classroombookings · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9806 | Low | 3.5 | | 2024-10-10 | A vulnerability has been found in Craig Rodway Classroombookings up to 2.8.6 and classified as problematic. |
| CVE-2024-9807 | Low | 2.4 | | 2024-10-10 | A vulnerability was found in Craig Rodway Classroombookings 2.8.7 and classified as problematic. |

Debian · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9680 | Critical | 9.8 | KEV | 2024-10-09 | An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. |
| CVE-2024-46871 | High | 7.8 | | 2024-10-09 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX [Why & How] It actually exposes '6' types in enum dmub_notification_type. |

Djangoproject · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-45230 | High | 7.5 | | 2024-10-08 | An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. |
| CVE-2024-45231 | Medium | 5.3 | | 2024-10-08 | An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. |

Fortinet · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-45330 | High | 7.2 | | 2024-10-08 | A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests. |
| CVE-2024-33506 | Low | 3.3 | | 2024-10-08 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiManager 7.4.2 and below, 7.2.5 and below, 7.0.12 and below allows a remote authenticated attacker assigned to an Administrative Domain (ADOM) to… |

Github · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9487 | Critical | 9.1 | | 2024-10-10 | An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed SAML SSO authentication to be bypassed resulting in unauthorized provisioning of users and access to the instance. |
| CVE-2024-9539 | Medium | 4.3 | | 2024-10-11 | An information disclosure vulnerability was identified in GitHub Enterprise Server via attacker uploaded asset URL allowing the attacker to retrieve metadata information of a user who clicks on the URL and further exploit it to create a co… |

Kainelabs · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8987 | Medium | 6.4 | | 2024-10-10 | The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youzify_media shortcode in all versions up to, and includ… |
| CVE-2024-9067 | Medium | 4.3 | | 2024-10-10 | The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'delete_attachment' functio… |

Latepoint · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8943 | Critical | 9.8 | | 2024-10-08 | The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.0.12. |
| CVE-2024-8911 | Critical | 9.8 | | 2024-10-08 | The LatePoint plugin for WordPress is vulnerable to Arbitrary User Password Change via SQL Injection in versions up to, and including, 5.0.11. |

Libarchive · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-48958 | High | 7.8 | | 2024-10-10 | execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. |
| CVE-2024-48957 | High | 7.8 | | 2024-10-10 | execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. |

Limesurvey · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-28710 | Medium | 6.1 | | 2024-10-07 | Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component. |
| CVE-2024-28709 | Medium | 6.1 | | 2024-10-07 | Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. |

Linkz.ai · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9586 | Medium | 6.5 | | 2024-10-11 | The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_auth' and 'check_logout' functions in versions up to, and including, 1.1.8. |
| CVE-2024-9587 | Medium | 5.4 | | 2024-10-11 | The Linkz.ai plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_linkz' function in versions up to, and including, 1.1.8. |

Linuxfoundation · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9798 | Critical | 9.0 | | 2024-10-10 | The health endpoint is public so everybody can see a list of all services. |
| CVE-2024-9802 | Medium | 5.3 | | 2024-10-10 | The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. |

Lollms · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-6985 | Medium | 4.4 | | 2024-10-11 | A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. |
| CVE-2024-6971 | Medium | 4.4 | | 2024-10-11 | A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. |

Tainacan · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-48040 | High | 8.5 | | 2024-10-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in tainacan Tainacan tainacan allows SQL Injection. This issue affects Tainacan: from n/a through <= 0.21.8. |
| CVE-2024-9221 | Medium | 6.1 | | 2024-10-11 | The Tainacan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.21.10. |

Themehunk · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9707 | Critical | 9.8 | | 2024-10-11 | The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. |
| CVE-2024-8433 | Medium | 6.4 | | 2024-10-08 | The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'themehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input san… |

Winhex · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-6362 | High | 7.3 | | 2024-10-07 | A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. |
| CVE-2023-6361 | High | 7.3 | | 2024-10-07 | A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. |

Wireshark · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9781 | High | 7.8 | | 2024-10-10 | AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file |
| CVE-2024-9780 | High | 7.8 | | 2024-10-10 | ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file |

10web · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-5968 | Medium | 4.8 | | 2024-10-09 | The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when th… |

Abb · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-6157 | Medium | 5.1 | | 2024-10-10 | An attacker who successfully exploited these vulnerabilities could cause the robot to stop. |

Afragen · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9451 | Medium | 6.4 | | 2024-10-09 | The Embed PDF Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' and 'width' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. |

Amirhelzer · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8629 | Medium | 6.1 | | 2024-10-08 | The WooCommerce Multilingual & Multicurrency with WPML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.3.7. |

Ampache · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47828 | Medium | 5.3 | | 2024-10-09 | ampache is a web based audio/video streaming application and file manager. |

Andreamarinucci · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9685 | Medium | 4.3 | | 2024-10-10 | The Notification for Telegram plugin for WordPress is vulnerable to unauthorized test message sending due to a missing capability check on the 'nftb_test_action' function in versions up to, and including, 3.3.1. |

Angeljudesuarez · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-46300 | Medium | 6.1 | | 2024-10-07 | itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. |

Apache · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-28168 | High | 7.5 | | 2024-10-09 | Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. |

Apple · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-44157 | Medium | 5.5 | | 2024-10-11 | A stack buffer overflow was addressed through improved input validation. |

Ataurr · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9234 | Critical | 9.8 | | 2024-10-11 | The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() functi… |

Avaiga · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47833 | Medium | 6.5 | | 2024-10-09 | Taipy is an open-source Python library for easy, end-to-end application development for data scientists and machine learning engineers. |

Ays-pro · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8488 | Medium | 4.4 | | 2024-10-08 | The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. |

Baptiste.gourdin · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-48033 | Critical | 9.8 | | 2024-10-11 | Deserialization of Untrusted Data vulnerability in baptiste.gourdin Talkback talkback-secure-linkback-protocol allows Object Injection. This issue affects Talkback: from n/a through <= 1.0. |

Bit Apps · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47335 | High | 7.6 | | 2024-10-07 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Apps Bit Form bit-form allows SQL Injection. This issue affects Bit Form: from n/a through <= 2.13.11. |

Bitcoin · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-35202 | High | 7.5 | | 2024-10-10 | Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. |

Bitpressadmin · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9507 | Medium | 4.9 | | 2024-10-11 | The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to impro… |

Blackberry · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-35215 | Medium | 6.2 | | 2024-10-08 | NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the cont… |

Blockmeister · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9616 | Medium | 6.1 | | 2024-10-11 | The BlockMeister – Block Pattern Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.10. |

Blood_bank_system_project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9817 | Medium | 6.3 | | 2024-10-10 | A vulnerability was found in code-projects Blood Bank System 1.0. |

Blubrry · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9543 | Medium | 6.4 | | 2024-10-11 | The PowerPress Podcasting plugin by Blubrry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skipto' shortcode in all versions up to, and including, 11.9.18 due to insufficient input sanitization and outp… |

Bluecms_project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-45894 | Medium | 4.9 | | 2024-10-07 | BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request. |

Boonebgorges · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9207 | Medium | 6.1 | | 2024-10-08 | The BuddyPress Docs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.3. |

Brechtvds · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9051 | Medium | 6.4 | | 2024-10-11 | The WP Ultimate Post Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpupg-grid-with-filters shortcode in all versions up to, and including, 3.9.3 due to insufficient input sanitization and output es… |

Brevo · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8477 | Medium | 4.3 | | 2024-10-10 | The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. |

Brianbrey · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8729 | Medium | 6.1 | | 2024-10-10 | The Easy Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.5. |

Btcd_project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-38365 | High | 7.4 | | 2024-10-11 | btcd is an alternative full node bitcoin implementation written in Go (golang). |

Buildah_project · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9675 | High | 7.8 | | 2024-10-09 | A vulnerability was found in Buildah. |

C-mor · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-45179 | High | 7.2 | | 2024-10-09 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. |

Canonical · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9312 | High | 7.5 | | 2024-10-10 | Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. |

Ccontrols · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9787 | Medium | 5.3 | | 2024-10-10 | A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. |

Checkmk · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-6747 | Medium | 5.3 | | 2024-10-10 | Information leakage in mknotifyd in Checkmk before 2.3.0p18, 2.2.0p36, 2.1.0p49 and in 2.0.0p39 (EOL) allows attacker to get potentially sensitive data |

Cmsmasters · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-7963 | Medium | 6.4 | | 2024-10-09 | The CMSMasters Content Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's multiple shortcodes in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping o… |

Codeclysm · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47877 | High | 7.5 | | 2024-10-11 | Extract is a Go library to extract archives in zip, tar.gz or tar.bz2 formats. |

Creativemindssolutions · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-48041 | Medium | 6.5 | | 2024-10-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary enhanced-tooltipglossary allows Stored XSS. This issue affects CM Tooltip Glossary: from n/a th… |

Cssjockey · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9457 | Medium | 6.4 | | 2024-10-10 | The WP Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping. |

Curator · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9057 | Medium | 6.4 | | 2024-10-10 | The Curator.io: Show all your social media posts in a beautiful feed. |

Cure53 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47875 | Critical | 10.0 | | 2024-10-11 | DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. |

Dale668 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9066 | Medium | 6.4 | | 2024-10-10 | The Marketing and SEO Booster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.10 due to insufficient input sanitization and output escaping. |

Dataease · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47074 | Critical | 9.8 | | 2024-10-11 | DataEase is an open source data visualization analysis tool. |

Dell · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-39586 | Low | 2.9 | | 2024-10-09 | Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. |

Devitemsllc · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9538 | Medium | 4.3 | | 2024-10-11 | The ShopLentor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.8 via the 'render' function in includes/addons/wl_faq.php. |

Directus · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47822 | Medium | 4.2 | | 2024-10-08 | Directus is a real-time API and App dashboard for managing SQL database content. |

D-Link · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-44674 | Medium | 5.7 | | 2024-10-07 | D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. |

Draytek · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-46316 | High | 8.0 | | 2024-10-09 | DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. |

Eclipse · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8376 | High | 7.5 | | 2024-10-11 | In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. |

Essamamdani · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9074 | Medium | 6.4 | | 2024-10-10 | The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. |

eWeLink · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-7206 | | | | 2024-10-08 | SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware |

Eyecix · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47636 | Critical | 9.8 | | 2024-10-10 | Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection. This issue affects JobSearch: from n/a through <= 2.5.9. |

Follet School Solutions · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47095 | | | | 2024-10-08 | Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the expiredSupportMessage parameter of handleloginform.do. |

Fortra · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8264 | Medium | 5.5 | | 2024-10-09 | Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled. |

Fullservices · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9211 | Medium | 6.1 | | 2024-10-11 | The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.22. |

Gdpr-extensions · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9072 | Medium | 6.4 | | 2024-10-10 | The GDPR-Extensions-com – Consent Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. |

Gregross · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9449 | Medium | 6.4 | | 2024-10-09 | The Auto iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. |

Happyplugins · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9581 | High | 7.3 | | 2024-10-10 | The Shortcodes AnyWhere plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.1. |

Hashicorp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9180 | High | 7.2 | | 2024-10-10 | A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their own or another user's privileges to Vault's root policy. |

Hcl Software · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-30118 | Low | 3.5 | | 2024-10-09 | HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data. |

Hdfgroup · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-32608 | Critical | 9.8 | | 2024-10-09 | HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |

Hp, Inc. · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-27458 | High | 8.8 | | 2024-10-07 | A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. |

Indutny · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-48949 | Critical | 9.1 | | 2024-10-10 | The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) \|\| sig.S().isNeg()" validation. |

Internet-formation · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9796 | Critical | 9.8 | | 2024-10-10 | The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks |

Inventree · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47610 | High | 7.3 | | 2024-10-07 | InvenTree is an Open Source Inventory Management System. |

Jkev · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9810 | Low | 3.5 | | 2024-10-10 | A vulnerability was found in SourceCodester Record Management System 1.0. |

Jpress · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-46468 | High | 7.5 | | 2024-10-11 | A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure. |

Lagunaisw · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9522 | High | 8.8 | | 2024-10-10 | The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. |

Lara-zeus · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47817 | Medium | 6.1 | | 2024-10-07 | Lara-zeus Dynamic Dashboard simple way to manage widgets for your website landing page, and filament dashboard and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. |

Laravel · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47823 | Critical | 9.8 | | 2024-10-08 | Livewire is a full-stack framework for Laravel that allows for dynamic UI components without leaving PHP. |

Lemonldap-ng · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-48933 | Medium | 6.1 | | 2024-10-09 | A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows spec… |

Linux Workbooth · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9576 | High | 7.0 | | 2024-10-07 | Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate privileges to the root user by manipulating the network configuration script. |

Makeplane · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47830 | Critical | 9.3 | | 2024-10-11 | Plane is an open-source project management tool. |

Matbao · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9065 | Medium | 5.3 | | 2024-10-10 | The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whp_smtp_send_mail_test' function in all versions up to, and including, 4.6.1. |

Mecha-cms · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-46446 | Critical | 9.8 | | 2024-10-07 | Mecha CMS 3.0.0 is vulnerable to Directory Traversal. |

Mediatek · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-20094 | High | 7.5 | | 2024-10-07 | In Modem, there is a possible system crash due to a missing bounds check. |

Meshtastic · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47079 | Medium | 6.4 | | 2024-10-07 | Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. |

Metagauss · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47648 | Medium | 4.7 | | 2024-10-10 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Metagauss EventPrime eventprime-event-calendar-management. This issue affects EventPrime: from n/a through <= 4.0.4.5. |

Michaelzangl · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9346 | Medium | 6.1 | | 2024-10-11 | The Embed videos and respect privacy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'v' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. |

Milestone Systems · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3506 | Medium | 6.7 | | 2024-10-08 | A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions. |

Namogo · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9064 | Medium | 6.4 | | 2024-10-10 | The Elementor Inline SVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. |

Netapp · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47814 | Low | 3.9 | | 2024-10-07 | Vim is an open source, command line text editor. |

Ninja Team · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47331 | Critical | 9.3 | | 2024-10-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ninja Team Multi Step for Contact Form cf7-multi-step allows SQL Injection. This issue affects Multi Step for Contact Form: from n/a throu… |

Pac4j · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-25581 | | | | 2024-10-10 | pac4j is a security framework for Java. |

Pax · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2023-42133 | Medium | 6.7 | | 2024-10-11 | PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. |

Payara · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8215 | High | 8.4 | | 2024-10-08 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion. This issue affects Payara Server: from 5.20.0 b… |

Pedalo · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9822 | Critical | 9.8 | | 2024-10-11 | The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. |

Posimyth · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8913 | Medium | 4.3 | | 2024-10-11 | The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.6.11 via the render function… |

Publishpress · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9436 | Medium | 6.1 | | 2024-10-11 | The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all v… |

Purestorage · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3057 | Critical | 9.8 | | 2024-10-08 | A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation. |

Qode · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9292 | Medium | 6.4 | | 2024-10-08 | The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. |

Quarka · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8513 | Medium | 5.3 | | 2024-10-10 | The QA Analytics – Web Analytics Tool with Heatmaps & Session Replay Across All Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_save_plugin_config() function in al… |

Quomodosoft · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47353 | Medium | 4.7 | | 2024-10-11 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite. This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2. |

Rafasashi · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9610 | Medium | 6.1 | | 2024-10-11 | The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.7.13. |

Rami.io Gmbh · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9575 | | | | 2024-10-09 | Local File Inclusion vulnerability in pretix Widget WordPress plugin pretix-widget on Windows allows PHP Local File Inclusion. |

Relevanssi · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9021 | Medium | 5.4 | | 2024-10-08 | In the process of testing the Relevanssi WordPress plugin before 4.23.1, a vulnerability was found that allows you to implement Stored XSS on behalf of the Contributor+ by embedding malicious script, which entails account takeover backdoor |

Rems · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9799 | Low | 3.5 | | 2024-10-10 | A vulnerability has been found in SourceCodester Profile Registration without Reload Refresh 1.0 and classified as problematic. |

Revmakx · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-48020 | High | 8.5 | | 2024-10-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows SQL Injection. This issue affects Backup and Staging by WP Time Capsu… |

Robosoft · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8431 | Medium | 4.3 | | 2024-10-08 | The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. |

Rocket.chat · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-42027 | Medium | 6.7 | | 2024-10-07 | The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources. |

Royal-elementor-addons · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8482 | Medium | 6.4 | | 2024-10-08 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. |

Saltcorn · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47818 | Medium | 6.5 | | 2024-10-07 | Saltcorn is an extensible, open source, no-code database application builder. |

Seur · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9201 | Critical | 9.4 | | 2024-10-10 | The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint. |

Silabs.com · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-6657 | Medium | 6.5 | | 2024-10-11 | A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. |

Sirv · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8964 | Medium | 6.4 | | 2024-10-08 | The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.2.9 due to insufficient input sanitization and output escaping. |

Smashballoon · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8983 | Medium | 4.8 | | 2024-10-08 | Custom Twitter Feeds WordPress plugin before 2.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabil… |

Ssoready · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47832 | Critical | 9.8 | | 2024-10-09 | ssoready is a single sign on provider implemented via docker. |

Stylemix · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47344 | Medium | 5.3 | | 2024-10-07 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Stylemix uListing ulisting. This issue affects uListing: from n/a through <= 2.1.5. |

Te Informatics · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-4658 | | | | 2024-10-10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TE Informatics Nova CMS allows SQL Injection. |

Templateinvaders · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9156 | High | 7.5 | | 2024-10-10 | The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. |

Tenda · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9793 | Medium | 6.3 | | 2024-10-10 | A vulnerability classified as critical was found in Tenda AC1206 up to 15.03.06.23. |

Total-soft · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9022 | High | 7.2 | | 2024-10-10 | The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.4.0 due to insufficient escaping on the user supplied paramet… |

Trtek Software · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9286 | | | | 2024-10-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection. |

Ttodua · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9611 | Medium | 6.1 | | 2024-10-11 | The Increase upload file size & Maximum Execution Time limit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including… |

Typo3 · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47780 | Low | 3.1 | | 2024-10-08 | TYPO3 is a free and open source Content Management Framework. |

Webtoffee · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-7514 | Medium | 6.5 | | 2024-10-11 | The WordPress Comments Import & Export plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation during the comments import process, in versions up to, and including, 2.3.7. |

Wp-buy · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2022-4534 | Medium | 5.3 | | 2024-10-08 | The Limit Login Attempts (Spam Protection) plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.3. |

Wp.insider · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47354 | Medium | 4.7 | | 2024-10-10 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership After Login Redirection simple-membership-after-login-redirection. This issue affects Simple Membership After Login Redirection: from n/a thro… |

Zefr0x · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47884 | | | | 2024-10-11 | foxmarks is a CLI read-only interface for Firefox's bookmarks and history. |

Zoho Flow · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47334 | High | 7.6 | | 2024-10-09 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zoho Flow Zoho Flow zoho-flow allows SQL Injection. This issue affects Zoho Flow: from n/a through <= 2.7.1. |

Zte · 1 CVE

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-22068 | Medium | 6.0 | | 2024-10-10 | Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series on 64 bit allows Functionality Bypass. This issue affects ZXR10 1800-2S series, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 series… |