Patch Tuesday — November 2024

2024-11-12 · 1048 CVEs

CVEs published or modified the week of 2024-11-12, partitioned by vendor.

Microsoft (134 CVEs)

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43602 | Critical | 9.9 |  | 2024-11-12 | Azure CycleCloud Remote Code Execution Vulnerability
CVE-2022-1884 | Critical | 9.8 |  | 2024-11-15 | A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server.
CVE-2024-43639 | Critical | 9.8 |  | 2024-11-12 | Windows KDC Proxy Remote Code Execution Vulnerability
CVE-2024-43498 | Critical | 9.8 |  | 2024-11-12 | .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-49060 | High | 8.8 |  | 2024-11-15 | Azure Stack HCI Elevation of Privilege Vulnerability
CVE-2024-11112 | High | 8.8 |  | 2024-11-12 | Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2024-49050 | High | 8.8 |  | 2024-11-12 | Visual Studio Code Python Extension Remote Code Execution Vulnerability
CVE-2024-49039 | High | 8.8 | KEV | 2024-11-12 | Windows Task Scheduler Elevation of Privilege Vulnerability
CVE-2024-49018 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49017 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49016 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49015 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49014 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49013 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49012 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49011 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49010 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49009 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49008 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49007 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49006 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49005 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49004 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49003 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49002 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49001 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49000 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48999 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48998 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48997 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48996 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48995 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48994 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-48993 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-43635 | High | 8.8 |  | 2024-11-12 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43628 | High | 8.8 |  | 2024-11-12 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43627 | High | 8.8 |  | 2024-11-12 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43624 | High | 8.8 |  | 2024-11-12 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability
CVE-2024-43622 | High | 8.8 |  | 2024-11-12 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43621 | High | 8.8 |  | 2024-11-12 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43620 | High | 8.8 |  | 2024-11-12 | Windows Telephony Service Remote Code Execution Vulnerability
CVE-2024-43462 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-43459 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-38255 | High | 8.8 |  | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-11114 | High | 8.3 |  | 2024-11-12 | Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2024-39726 | High | 8.2 |  | 2024-11-15 | IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.
CVE-2024-49048 | High | 8.1 |  | 2024-11-12 | TorchGeo Remote Code Execution Vulnerability
CVE-2024-43625 | High | 8.1 |  | 2024-11-12 | Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
CVE-2024-43598 | High | 8.1 |  | 2024-11-12 | LightGBM Remote Code Execution Vulnerability
CVE-2024-43447 | High | 8.1 |  | 2024-11-12 | Windows SMBv3 Server Remote Code Execution Vulnerability
CVE-2024-46465 | High | 7.8 |  | 2024-11-15 | By default, dedicated folders of CRYHOD for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges.
CVE-2024-49509 | High | 7.8 |  | 2024-11-12 | InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49508 | High | 7.8 |  | 2024-11-12 | InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49507 | High | 7.8 |  | 2024-11-12 | InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47452 | High | 7.8 |  | 2024-11-12 | Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47451 | High | 7.8 |  | 2024-11-12 | Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47450 | High | 7.8 |  | 2024-11-12 | Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47443 | High | 7.8 |  | 2024-11-12 | After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47442 | High | 7.8 |  | 2024-11-12 | After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47441 | High | 7.8 |  | 2024-11-12 | After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-45114 | High | 7.8 |  | 2024-11-12 | Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49051 | High | 7.8 |  | 2024-11-12 | Microsoft PC Manager Elevation of Privilege Vulnerability
CVE-2024-49046 | High | 7.8 |  | 2024-11-12 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2024-49043 | High | 7.8 |  | 2024-11-12 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
CVE-2024-49032 | High | 7.8 |  | 2024-11-12 | Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2024-49031 | High | 7.8 |  | 2024-11-12 | Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2024-49030 | High | 7.8 |  | 2024-11-12 | Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49029 | High | 7.8 |  | 2024-11-12 | Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49028 | High | 7.8 |  | 2024-11-12 | Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49027 | High | 7.8 |  | 2024-11-12 | Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49026 | High | 7.8 |  | 2024-11-12 | Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49021 | High | 7.8 |  | 2024-11-12 | Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2024-49019 | High | 7.8 |  | 2024-11-12 | Active Directory Certificate Services Elevation of Privilege Vulnerability
CVE-2024-43644 | High | 7.8 |  | 2024-11-12 | Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2024-43641 | High | 7.8 |  | 2024-11-12 | Windows Registry Elevation of Privilege Vulnerability
CVE-2024-43640 | High | 7.8 |  | 2024-11-12 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-43636 | High | 7.8 |  | 2024-11-12 | Win32k Elevation of Privilege Vulnerability
CVE-2024-43630 | High | 7.8 |  | 2024-11-12 | Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-43629 | High | 7.8 |  | 2024-11-12 | Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2024-43626 | High | 7.8 |  | 2024-11-12 | Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2024-43623 | High | 7.8 |  | 2024-11-12 | Windows NT OS Kernel Elevation of Privilege Vulnerability
CVE-2024-43530 | High | 7.8 |  | 2024-11-12 | Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-7571 | High | 7.8 |  | 2024-11-12 | Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
CVE-2024-49528 | High | 7.8 |  | 2024-11-12 | Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49526 | High | 7.8 |  | 2024-11-12 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49514 | High | 7.8 |  | 2024-11-12 | Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49040 | High | 7.5 |  | 2024-11-12 | Microsoft Exchange Server Spoofing Vulnerability
CVE-2024-49033 | High | 7.5 |  | 2024-11-12 | Microsoft Word Security Feature Bypass Vulnerability
CVE-2024-43642 | High | 7.5 |  | 2024-11-12 | Windows SMB Denial of Service Vulnerability
CVE-2024-43499 | High | 7.5 |  | 2024-11-12 | .NET and Visual Studio Denial of Service Vulnerability
CVE-2024-43452 | High | 7.5 |  | 2024-11-12 | Windows Registry Elevation of Privilege Vulnerability
CVE-2024-43450 | High | 7.5 |  | 2024-11-12 | Windows DNS Spoofing Vulnerability
CVE-2024-49056 | High | 7.3 |  | 2024-11-12 | Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.
CVE-2024-9842 | High | 7.3 |  | 2024-11-12 | Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.
CVE-2024-49042 | High | 7.2 |  | 2024-11-12 | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVE-2024-43613 | High | 7.2 |  | 2024-11-12 | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
CVE-2024-49049 | High | 7.1 |  | 2024-11-12 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability
CVE-2024-8539 | High | 7.1 |  | 2024-11-12 | Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.
CVE-2024-43643 | Medium | 6.8 |  | 2024-11-12 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43638 | Medium | 6.8 |  | 2024-11-12 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43637 | Medium | 6.8 |  | 2024-11-12 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43634 | Medium | 6.8 |  | 2024-11-12 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-43449 | Medium | 6.8 |  | 2024-11-12 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability
CVE-2024-38668 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path for some Intel(R) Quartus(R) Prime Standard Edition software for Windows before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-38383 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36253 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path in the Intel(R) SDP Tool for Windows software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-35201 | Medium | 6.7 |  | 2024-11-13 | Incorrect default permissions in the Intel(R) SDP Tool for Windows software, all versions, may allow an authenticated user to enable escalation of privilege via local access.
CVE-2024-28952 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-49044 | Medium | 6.7 |  | 2024-11-12 | Visual Studio Elevation of Privilege Vulnerability
CVE-2024-43646 | Medium | 6.7 |  | 2024-11-12 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-43645 | Medium | 6.7 |  | 2024-11-12 | Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability
CVE-2024-43631 | Medium | 6.7 |  | 2024-11-12 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-43633 | Medium | 6.5 |  | 2024-11-12 | Windows Hyper-V Denial of Service Vulnerability
CVE-2024-43451 | Medium | 6.5 | KEV | 2024-11-12 | NTLM Hash Disclosure Spoofing Vulnerability
CVE-2024-38203 | Medium | 6.2 |  | 2024-11-12 | Windows Package Library Manager Information Disclosure Vulnerability
CVE-2024-38264 | Medium | 5.9 |  | 2024-11-12 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
CVE-2024-49536 | Medium | 5.5 |  | 2024-11-15 | Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-49512 | Medium | 5.5 |  | 2024-11-12 | InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-49511 | Medium | 5.5 |  | 2024-11-12 | InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-49510 | Medium | 5.5 |  | 2024-11-12 | InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-47458 | Medium | 5.5 |  | 2024-11-12 | Bridge versions 13.0.9, 14.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
CVE-2024-47457 | Medium | 5.5 |  | 2024-11-12 | Illustrator versions 28.7.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
CVE-2024-47456 | Medium | 5.5 |  | 2024-11-12 | Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-47455 | Medium | 5.5 |  | 2024-11-12 | Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-47454 | Medium | 5.5 |  | 2024-11-12 | Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-47453 | Medium | 5.5 |  | 2024-11-12 | Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-47449 | Medium | 5.5 |  | 2024-11-12 | Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-47446 | Medium | 5.5 |  | 2024-11-12 | After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-47445 | Medium | 5.5 |  | 2024-11-12 | After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-47444 | Medium | 5.5 |  | 2024-11-12 | After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-45147 | Medium | 5.5 |  | 2024-11-12 | Bridge versions 13.0.9, 14.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-49527 | Medium | 5.5 |  | 2024-11-12 | Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-47535 | Medium | 5.5 |  | 2024-11-12 | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
CVE-2024-49025 | Medium | 5.4 |  | 2024-11-14 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Other vendors (914 CVEs across 286 vendors)

N/a · 149 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-44758 | Critical | 9.8 |  | 2024-11-15 | An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files.
CVE-2024-50724 | Critical | 9.8 |  | 2024-11-15 | KASO v9.0 was discovered to contain a SQL injection vulnerability via the person_id parameter at /cardcase/editcard.jsp.
CVE-2024-50649 | Critical | 9.8 |  | 2024-11-15 | The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability.
CVE-2024-31695 | Critical | 9.8 |  | 2024-11-14 | A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS v2.85.4, allows attackers to bypass authentication when adding a new fingerprint.
CVE-2024-50636 | Critical | 9.8 |  | 2024-11-11 | PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files.
CVE-2024-25255 | Critical | 9.8 |  | 2024-11-11 | Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module.
CVE-2024-44546 | Critical | 9.8 |  | 2024-11-11 | Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter.
CVE-2024-51135 | Critical | 9.8 |  | 2024-11-11 | An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XM…
CVE-2024-50667 | Critical | 9.8 |  | 2024-11-11 | The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6.
CVE-2024-50989 | Critical | 9.8 |  | 2024-11-11 | A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System v1.0 allows an attacker to execute arbitrary SQL commands via the "searchdata " parameter.
CVE-2023-52268 | Critical | 9.1 |  | 2024-11-12 | The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint.
CVE-2024-46962 | Critical | 9.1 |  | 2024-11-11 | The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component.
CVE-2024-10979 | High | 8.8 |  | 2024-11-14 | Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g.
CVE-2024-36242 | High | 8.8 |  | 2024-11-13 | Protection mechanism failure in the SPP for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23918 | High | 8.8 |  | 2024-11-13 | Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-50970 | High | 8.8 |  | 2024-11-13 | A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2024-50854 | High | 8.8 |  | 2024-11-13 | Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function.
CVE-2024-50853 | High | 8.8 |  | 2024-11-13 | Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.
CVE-2024-50852 | High | 8.8 |  | 2024-11-13 | Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function.
CVE-2024-41992 | High | 8.8 |  | 2024-11-11 | Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used.
CVE-2020-10370 | High | 8.8 |  | 2024-11-11 | Certain Cypress (and Broadcom) Wireless Combo chips such as CYW43455, when a 2021-01-26 Bluetooth firmware update is not present, allow a Bluetooth outage via a "Spectra" attack.
CVE-2024-51093 | High | 8.7 |  | 2024-11-12 | Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code.
CVE-2024-38665 | High | 8.4 |  | 2024-11-13 | Out-of-bounds write in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34023 | High | 8.4 |  | 2024-11-13 | Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36282 | High | 8.2 |  | 2024-11-13 | Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software, all versions, may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-46966 | High | 8.1 |  | 2024-11-11 | The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component.
CVE-2024-46964 | High | 8.1 |  | 2024-11-11 | The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component.
CVE-2024-46963 | High | 8.1 |  | 2024-11-11 | The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the com.bluesky.browser.ui.BrowserMainActivity compone…
CVE-2024-48322 | High | 8.1 |  | 2024-11-11 | UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability.
CVE-2024-39368 | High | 8.0 |  | 2024-11-13 | Improper neutralization of special elements used in an SQL command ('SQL Injection') in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent…
CVE-2024-28726 | High | 8.0 |  | 2024-11-12 | An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function.
CVE-2024-51094 | High | 8.0 |  | 2024-11-12 | An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field.
CVE-2024-51141 | High | 7.8 |  | 2024-11-15 | An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a local attacker to execute arbitrary code via the WifiAutoInstallDriver.exe and MSASN1.dll components.
CVE-2024-46467 | High | 7.8 |  | 2024-11-15 | By default, dedicated folders of ZONEPOINT for Windows up to 2024.1 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges.
CVE-2024-46466 | High | 7.8 |  | 2024-11-15 | By default, dedicated folders of ZONECENTRAL for Windows up to 2024.3 or up to Q.2021.2 (ANSSI qualification submission) can be accessed by other users to misuse technical files and make them perform tasks with higher privileges.
CVE-2024-46463 | High | 7.8 |  | 2024-11-15 | By default, dedicated folders of ORIZON for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges.
CVE-2024-46462 | High | 7.8 |  | 2024-11-15 | By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges.
CVE-2021-27700 | High | 7.6 |  | 2024-11-12 | SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions.
CVE-2024-44759 | High | 7.5 |  | 2024-11-15 | An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request.
CVE-2024-45969 | High | 7.5 |  | 2024-11-15 | NULL pointer dereference in the MMS Client in MZ Automation LibIEC1850 before commit 7afa40390b26ad1f4cf93deaa0052fe7e357ef33 allows a malicious server to cause a Denial-of-Service via the MMS InitiationResponse message.
CVE-2024-24431 | High | 7.5 |  | 2024-11-15 | A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length.
CVE-2024-24426 | High | 7.5 |  | 2024-11-15 | Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 allow attackers to cause a Denial of Service (DoS) via a crafted NGAP packet.
CVE-2024-50654 | High | 7.5 |  | 2024-11-15 | lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency.
CVE-2024-50650 | High | 7.5 |  | 2024-11-15 | python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.
CVE-2024-50647 | High | 7.5 |  | 2024-11-15 | The python_food ordering system V1.0 has an unauthorized vulnerability that leads to the leakage of sensitive user information.
CVE-2024-50955 | High | 7.5 |  | 2024-11-13 | An issue in how XINJE XD5E-24R and XL5E-16T v3.5.3b handles TCP protocol messages allows attackers to cause a Denial of Service (DoS) via a crafted TCP message.
CVE-2024-31158 | High | 7.5 |  | 2024-11-13 | Improper input validation in UEFI firmware in some Intel(R) Server Board S2600BP Family may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-31154 | High | 7.5 |  | 2024-11-13 | Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-28028 | High | 7.5 |  | 2024-11-13 | Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2024-51179 | High | 7.5 |  | 2024-11-12 | An issue in Open 5GS v.2.7.1 allows a remote attacker to cause a denial of service via the Network Function Virtualizations (NFVs) such as the User Plane Function (UPF) and the Session Management Function (SMF), The Packet Data Unit (PDU)…
CVE-2024-25253 | High | 7.5 |  | 2024-11-11 | Driver Booster v10.6 was discovered to contain a buffer overflow via the Host parameter under the Customize proxy module.
CVE-2024-48939 | High | 7.5 |  | 2024-11-11 | Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 (SR4) enables use of the REST API with an invalid License File.
CVE-2021-27702 | High | 7.3 |  | 2024-11-12 | Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic utility in the router dashboard.
CVE-2024-24985 | High | 7.2 |  | 2024-11-13 | Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-22185 | High | 7.2 |  | 2024-11-13 | Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-21820 | High | 7.2 |  | 2024-11-13 | Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-21799 | High | 7.1 |  | 2024-11-13 | Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-39766 | High | 7.0 |  | 2024-11-13 | Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-32044 | Medium | 6.8 |  | 2024-11-13 | Improper access control for some Intel(R) Arc(TM) Pro Graphics for Windows drivers before version 31.0.101.5319 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2024-49592 | Medium | 6.7 |  | 2024-11-15 | Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element.
CVE-2024-38387 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path in the Intel(R) Graphics Driver installers for versions 15.40 and 15.45 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-37025 | Medium | 6.7 |  | 2024-11-13 | Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-37024 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path for some ACAT software maintained by Intel(R) for Windows before version 3.11.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-35245 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path element in some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34167 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path for the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34165 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34164 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path element in some Intel(R) MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34028 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user to potentially enable escalation of pri…
CVE-2024-34022 | Medium | 6.7 |  | 2024-11-13 | Improper Access Control in some Thunderbolt(TM) Share software before version 1.0.49.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-31407 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local…
CVE-2024-29083 | Medium | 6.7 |  | 2024-11-13 | Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-29077 | Medium | 6.7 |  | 2024-11-13 | Improper access control in some JAM STAPL Player software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28950 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28881 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path for some Intel(R) Fortran Compiler Classic software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-26017 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-25647 | Medium | 6.7 |  | 2024-11-13 | Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23312 | Medium | 6.7 |  | 2024-11-13 | Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34170 | Medium | 6.6 |  | 2024-11-13 | Improper buffer restrictions in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-28728 | Medium | 6.6 |  | 2024-11-12 | Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a crafted payload to the WiFi SSID Name field.
CVE-2024-24446Medium6.52024-11-15An uninitialized pointer dereference in OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialContextSetupResponse message sent to the AMF.
CVE-2024-24425Medium6.52024-11-15Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to contain an out-of-bounds read in the amf_as_establish_req function at /tasks/amf/amf_as.cpp.
CVE-2024-24449Medium6.52024-11-15An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialUEMessage message sent to the AMF.
CVE-2024-51027Medium6.52024-11-13Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command execution in /itbox_pi/networksafe.php via the province parameter.
CVE-2024-50956Medium6.52024-11-13A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM401-CPU1608TPTN 21.38.0.0, HCPLC_AM402-CPU1608TPTN 41.38.0.0, and HCPLC_AM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service (DoS) or execute arbitrary…
CVE-2024-45877Medium6.52024-11-13baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to Incorrect Access Control in the User Management function in /Apps/TOPqw/BenutzerManagement.aspx.
CVE-2024-45876Medium6.52024-11-13The login form of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.283.4) at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection.
CVE-2024-32048Medium6.52024-11-13Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2024-24984Medium6.52024-11-13Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2024-40885Medium6.42024-11-13Use after free in the UEFI firmware of some Intel(R) Server M20NTP BIOS may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-39811Medium6.32024-11-13Improper input validation in firmware for some Intel(R) Server M20NTP Family UEFI may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-48068Medium6.12024-11-15A cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co.,LTD Landray EKP v16 and earlier allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-36275Medium6.12024-11-13NULL pointer dereference in some Intel(R) Optane(TM) PMem Management software versions before CR_MGMT_02.00.00.4040, CR_MGMT_03.00.00.0499 may allow a authenticated user to potentially enable denial of service via local access.
CVE-2024-51213Medium6.12024-11-11Cross Site Scripting vulnerability in Online Shop Store v.1.0 allows a remote attacker to execute arbitrary code via the login.php component.
CVE-2024-50601Medium6.12024-11-11Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript.
CVE-2024-50990Medium6.12024-11-11A Reflected Cross Site Scriptng (XSS) vulnerability was found in /omrs/user/search.php in PHPGurukul Online Marriage Registration System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parame…
CVE-2024-21850Medium6.02024-11-13Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-33617Medium5.92024-11-13Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.
CVE-2024-31074Medium5.92024-11-13Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.
CVE-2024-28885Medium5.92024-11-13Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.
CVE-2024-36284Medium5.52024-11-13Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2024-29085Medium5.52024-11-13Improper access control for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2024-29076Medium5.52024-11-13Uncaught exception for some Intel(R) CST software before version 8.7.10803 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-50800Medium5.42024-11-15Cross Site Scripting vulnerability in M2000 Smart4Web before v.5.020241004 allows a remote attacker to execute arbitrary code via the error parameter in URL
CVE-2024-40579Medium5.42024-11-14Cross Site Scripting vulnerability in Virtuozzo Hybrid Server for WHMCS Open Source v.1.7.1 allows a remote attacker to obtain sensitive information via modification of the hostname parameter.
CVE-2024-45879Medium5.42024-11-13The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 (fixed in version 1.35.291), in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx, is vulnerable to Cross-Site Scripting (XSS).
CVE-2024-45878Medium5.42024-11-13The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.291), in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting (XSS).
CVE-2024-45875Medium5.42024-11-13The create user function in baltic-it TOPqw Webportal 1.35.287.1 (fixed in version1.35.291), in /Apps/TOPqw/BenutzerManagement.aspx/SaveNewUser, is vulnerable to SQL injection.
CVE-2024-28169Medium5.42024-11-13Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable denial of service via adjacent access.
CVE-2024-42834Medium5.42024-11-13A stored cross-site scripting (XSS) vulnerability in the Create Customer API in Incognito Service Activation Center (SAC) UI v14.11 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload int…
CVE-2021-27703Medium5.42024-11-12Sercomm Model Etisalat Model S3- AC2100 is affected by Cross Site Scripting (XSS) via the firmware update page.
CVE-2024-51026Medium5.42024-11-11The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field.
CVE-2024-46965Medium5.42024-11-11The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component.
CVE-2024-24450Medium5.32024-11-15Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF…
CVE-2024-24447Medium5.32024-11-15A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_response function of oai-cn5g-amf up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a PDU Session Resource Setup Response with an empty Response Item li…
CVE-2024-39707Medium5.32024-11-14Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms.
CVE-2024-50843Medium5.32024-11-14A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers attacker to access sensitive files and directories via /loginsystem/assets.
CVE-2024-39285Medium5.32024-11-13Improper access control in UEFI firmware in some Intel(R) Server M20NTP Family may allow a privileged user to potentially enable information disclosure via local access.
CVE-2024-23919Medium5.32024-11-13Improper buffer restrictions in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-48075Medium5.32024-11-12A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message.
CVE-2024-51330Medium5.12024-11-15An issue in UltiMaker Cura v.4.41 and 5.8.1 and before allows a local attacker to execute arbitrary code via Inter-process communication (IPC) mechanism between Cura application and CuraEngine processes, localhost network stack, printing s…
CVE-2024-48284Medium4.82024-11-14A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2.
CVE-2024-21783Medium4.82024-11-13Integer overflow for some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-38920Medium4.82024-11-13Cross Site Scripting vulnerability in Cyber Cafe Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the adminname parameter.
CVE-2024-51190Medium4.82024-11-11TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page.
CVE-2024-51189Medium4.82024-11-11TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page.
CVE-2024-51188Medium4.82024-11-11TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page.
CVE-2024-51187Medium4.82024-11-11TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page.
CVE-2024-51054Medium4.82024-11-11A Cross Site Scriptng (XSS) vulnerability was found in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request parameter.
CVE-2024-50991Medium4.82024-11-11A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGurukul User Management System v1.0, which allows remote attackers to execute arbitrary code via the "fname" POST request parameter
CVE-2024-11242Medium4.72024-11-15A vulnerability was found in ZZCMS 2023.
CVE-2024-21853Medium4.72024-11-13Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access.
CVE-2021-27701Medium4.72024-11-12SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wifi portal.
CVE-2024-23169Medium4.62024-11-15The web interface in RSA NetWitness 11.7.2.0 allows Cross-Site Scripting (XSS) via the Where textbox on the Reports screen during new rule creation.
CVE-2024-34776Medium4.52024-11-13Out-of-bounds write in some Intel(R) SGX SDK software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-27200Medium4.42024-11-13Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow a authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-33624Medium4.32024-11-13Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2024-40443Medium4.32024-11-13SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in the Useres.php
CVE-2024-10976Medium4.22024-11-14Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended.
CVE-2024-21808Medium4.22024-11-13Improper buffer restrictions in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-32667Low3.92024-11-13Out-of-bounds read for some OpenCL(TM) software may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-38660Low3.82024-11-13Protection mechanism failure in the SPP for some Intel(R) Xeon(R) processor family (E-Core) may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-25565Low3.82024-11-13Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access.
CVE-2024-33611Low3.42024-11-13Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow a privileged user to potentially enable denial of service via local access.
CVE-2024-10977Low3.12024-11-14Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application.
CVE-2024-46383Low2.42024-11-15Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB and Wifi connected devices in plaintext.
CVE-2024-11130Low2.42024-11-12A vulnerability was found in ZZCMS up to 2023.
CVE-2024-28051Low2.22024-11-13Out-of-bounds read in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2024-28030Low2.22024-11-13NULL pointer dereference in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-404572024-11-11The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21…

Cisco · 50 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-20036 | Critical | 9.9 |  | 2024-11-15 | A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to…
CVE-2023-20154 | Critical | 9.1 |  | 2024-11-15 | A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handli…
CVE-2022-20655 | High | 8.8 |  | 2024-11-15 | A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argum…
CVE-2023-20125 | High | 8.6 |  | 2024-11-15 | A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition. This vulnerability exists because rate l…
CVE-2022-20649 | High | 8.1 |  | 2024-11-15 | A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container…
CVE-2022-20685 | High | 7.5 |  | 2024-11-15 | A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer overflow…
CVE-2022-20853 | High | 7.4 |  | 2024-11-15 | A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerabil…
CVE-2022-20814 | High | 7.4 |  | 2024-11-15 | A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to…
CVE-2022-20793 | Medium | 6.8 |  | 2024-11-15 | A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected devi…
CVE-2021-34752 | Medium | 6.7 |  | 2024-11-15 | A vulnerability in the CLI of Cisco FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device.…
CVE-2023-20090 | Medium | 6.7 |  | 2024-11-15 | A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands.
CVE-2021-1491 | Medium | 6.5 |  | 2024-11-15 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the device. This vulnerability is due to in…
CVE-2021-1484 | Medium | 6.5 |  | 2024-11-15 | A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition. This vulnerability is due…
CVE-2022-20931 | Medium | 6.5 |  | 2024-11-15 | A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulner…
CVE-2022-20656 | Medium | 6.5 |  | 2024-11-15 | A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device.
CVE-2022-20652 | Medium | 6.5 |  | 2024-11-15 | A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying o…
CVE-2021-1483 | Medium | 6.4 |  | 2024-11-15 | A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper han…
CVE-2021-1482 | Medium | 6.4 |  | 2024-11-15 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. Thi…
CVE-2022-20871 | Medium | 6.3 |  | 2024-11-15 | A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection…
CVE-2022-20632 | Medium | 6.1 |  | 2024-11-15 | A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the w…
CVE-2023-20060 | Medium | 6.1 |  | 2024-11-15 | A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability e…
CVE-2022-20849 | Medium | 6.1 |  | 2024-11-15 | A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continually crash. This vulnerability exists…
CVE-2022-20663 | Medium | 6.1 |  | 2024-11-15 | A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user o…
CVE-2022-20657 | Medium | 6.1 |  | 2024-11-15 | A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. This vulnerability…
CVE-2022-20654 | Medium | 6.1 |  | 2024-11-15 | A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to…
CVE-2022-20631 | Medium | 6.1 |  | 2024-11-15 | A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the w…
CVE-2022-20845 | Medium | 6.0 |  | 2024-11-15 | A vulnerability in the TL1 function of Cisco Network Convergence System (NCS) 4000 Series could allow an authenticated, local attacker to cause a memory leak in the TL1 process. This vulnerability is due to TL1 not freeing memory und…
CVE-2021-34753 | Medium | 5.8 |  | 2024-11-15 | A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. Thi…
CVE-2021-1494 | Medium | 5.8 |  | 2024-11-15 | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of spe…
CVE-2023-20039 | Medium | 5.5 |  | 2024-11-15 | A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory.
CVE-2022-20626 | Medium | 5.5 |  | 2024-11-15 | A vulnerability in the web-based management interface of Cisco Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface.
CVE-2021-1466 | Medium | 5.4 |  | 2024-11-15 | A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service (DoS) condition. The vulnera…
CVE-2022-20948 | Medium | 5.4 |  | 2024-11-15 | A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerabi…
CVE-2022-20633 | Medium | 5.3 |  | 2024-11-15 | A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. This vulnerability is due to differences in aut…
CVE-2022-20766 | Medium | 5.3 |  | 2024-11-15 | A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulne…
CVE-2022-20648 | Medium | 5.3 |  | 2024-11-15 | A vulnerability in a debug function for Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform debug actions that could result in the disclosure of confidential information that should be r…
CVE-2024-20373 | Medium | 5.3 |  | 2024-11-15 | A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP p…
CVE-2023-20091 | Medium | 5.1 |  | 2024-11-15 | A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access contro…
CVE-2021-1464 | Medium | 5.0 |  | 2024-11-15 | A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exi…
CVE-2021-1470 | Medium | 4.9 |  | 2024-11-15 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input…
CVE-2022-20634 | Medium | 4.7 |  | 2024-11-15 | A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL paramet…
CVE-2023-20093 | Medium | 4.4 |  | 2024-11-15 | Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper acc…
CVE-2023-20092 | Medium | 4.4 |  | 2024-11-15 | Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper acc…
CVE-2023-20004 | Medium | 4.4 |  | 2024-11-15 | Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper acc…
CVE-2021-34751 | Medium | 4.3 |  | 2024-11-15 | A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information.
CVE-2021-34750 | Medium | 4.3 |  | 2024-11-15 | A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information.
CVE-2021-1481 | Medium | 4.3 |  | 2024-11-15 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due…
CVE-2023-20094 | Medium | 4.3 |  | 2024-11-15 | A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device. This vulnerability exists because the affected software performs improper bounds…
CVE-2022-20939 | Medium | 4.3 |  | 2024-11-15 | A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protecti…
CVE-2022-20846 | Medium | 4.3 |  | 2024-11-15 | A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device. This…

Ivanti · 45 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-50330 | Critical | 9.8 | | 2024-11-12 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.
CVE-2024-39712 | Critical | 9.1 | | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-39711 | Critical | 9.1 | | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-39710 | Critical | 9.1 | | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-38656 | Critical | 9.1 | | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-11006 | Critical | 9.1 | | 2024-11-12 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve…
CVE-2024-11005 | Critical | 9.1 | | 2024-11-12 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve…
CVE-2024-11007 | Critical | 9.1 | | 2024-11-12 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve…
CVE-2024-9420 | High | 8.8 | | 2024-11-12 | A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution.
CVE-2024-50329 | High | 8.8 | | 2024-11-12 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.
CVE-2024-39709 | High | 7.8 | | 2024-11-13 | Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local authenticated attacker to escalate their privileges.
CVE-2024-37398 | High | 7.8 | | 2024-11-13 | Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.
CVE-2024-34787 | High | 7.8 | | 2024-11-13 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution.
CVE-2024-50323 | High | 7.8 | | 2024-11-12 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution.
CVE-2024-50322 | High | 7.8 | | 2024-11-12 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution.
CVE-2024-47906 | High | 7.8 | | 2024-11-12 | Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges.
CVE-2024-38649 | High | 7.5 | | 2024-11-13 | An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-37400 | High | 7.5 | | 2024-11-13 | An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service.
CVE-2024-8495 | High | 7.5 | | 2024-11-12 | A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-50331 | High | 7.5 | | 2024-11-12 | An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory.
CVE-2024-50321 | High | 7.5 | | 2024-11-12 | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-50320 | High | 7.5 | | 2024-11-12 | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-50319 | High | 7.5 | | 2024-11-12 | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-50318 | High | 7.5 | | 2024-11-12 | A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-50317 | High | 7.5 | | 2024-11-12 | A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-47907 | High | 7.5 | | 2024-11-12 | A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.
CVE-2024-38655 | High | 7.2 | | 2024-11-13 | Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-37376 | High | 7.2 | | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-34784 | High | 7.2 | | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-34782 | High | 7.2 | | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-34781 | High | 7.2 | | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-34780 | High | 7.2 | | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32847 | High | 7.2 | | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32844 | High | 7.2 | | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32841 | High | 7.2 | | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-32839 | High | 7.2 | | 2024-11-13 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-50328 | High | 7.2 | | 2024-11-12 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-50327 | High | 7.2 | | 2024-11-12 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-50326 | High | 7.2 | | 2024-11-12 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-50324 | High | 7.2 | | 2024-11-12 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-11004 | Medium | 6.1 | | 2024-11-12 | Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges.
CVE-2024-47909 | Medium | 4.9 | | 2024-11-12 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
CVE-2024-47905 | Medium | 4.9 | | 2024-11-12 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.
CVE-2024-29211 | Medium | 4.7 | | 2024-11-13 | A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.
CVE-2024-38654 | Medium | 4.4 | | 2024-11-13 | Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.

Google · 35 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43091 | Critical | 9.8 | | 2024-11-13 | In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow.
CVE-2024-11113 | High | 8.8 | | 2024-11-12 | Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-13314 | High | 7.8 | | 2024-11-15 | In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check.
CVE-2017-13312 | High | 7.8 | | 2024-11-15 | In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation.
CVE-2017-13310 | High | 7.8 | | 2024-11-15 | In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass.
CVE-2024-43089 | High | 7.8 | | 2024-11-13 | In updateInternal of MediaProvider.java, there is a possible access of another app's files due to a missing permission check.
CVE-2024-43088 | High | 7.8 | | 2024-11-13 | In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check.
CVE-2024-43087 | High | 7.8 | | 2024-11-13 | In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code.
CVE-2024-43085 | High | 7.8 | | 2024-11-13 | In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code.
CVE-2024-43081 | High | 7.8 | | 2024-11-13 | In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code.
CVE-2024-43080 | High | 7.8 | | 2024-11-13 | In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization.
CVE-2024-40671 | High | 7.8 | | 2024-11-13 | In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check.
CVE-2024-40661 | High | 7.8 | | 2024-11-13 | In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check.
CVE-2024-40660 | High | 7.8 | | 2024-11-13 | In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code.
CVE-2024-34747 | High | 7.8 | | 2024-11-13 | In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error in the code.
CVE-2024-34729 | High | 7.8 | | 2024-11-13 | In multiple locations, there is a possible arbitrary code execution due to a logic error in the code.
CVE-2024-34719 | High | 7.8 | | 2024-11-13 | In multiple locations, there is a possible permissions bypass due to a missing null check.
CVE-2024-31337 | High | 7.8 | | 2024-11-13 | In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation.
CVE-2024-23715 | High | 7.8 | | 2024-11-13 | In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code.
CVE-2023-35686 | High | 7.8 | | 2024-11-13 | In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation.
CVE-2023-35659 | High | 7.8 | | 2024-11-13 | In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code.
CVE-2024-43093 | High | 7.3 | KEV | 2024-11-13 | In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization.
CVE-2017-13311 | Medium | 6.7 | | 2024-11-15 | In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass.
CVE-2017-13313 | Medium | 6.5 | | 2024-11-15 | In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check.
CVE-2024-11110 | Medium | 6.5 | | 2024-11-12 | Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.
CVE-2017-13309 | Medium | 5.5 | | 2024-11-15 | In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak due to improperly used crypto.
CVE-2017-13227 | Medium | 5.5 | | 2024-11-14 | In the autofill service, the package name that is provided by the app process is trusted inappropriately.
CVE-2024-43086 | Medium | 5.5 | | 2024-11-13 | In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy.
CVE-2024-43084 | Medium | 5.5 | | 2024-11-13 | In visitUris of multiple files, there is a possible information disclosure due to a confused deputy.
CVE-2024-43083 | Medium | 5.5 | | 2024-11-13 | In validate of WifiConfigurationUtil.java, there is a possible persistent denial of service due to resource exhaustion.
CVE-2024-43082 | Medium | 5.5 | | 2024-11-13 | In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy.
CVE-2024-43090 | Medium | 5.0 | | 2024-11-13 | In multiple locations, there is a possible cross-user image read due to a missing permission check.
CVE-2024-11117 | Medium | 4.3 | | 2024-11-12 | Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page.
CVE-2024-11116 | Medium | 4.3 | | 2024-11-12 | Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
CVE-2024-11111 | Medium | 4.3 | | 2024-11-12 | Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.

Adobe · 23 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-49525 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49520 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49519 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49518 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49517 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49516 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49515 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code.
CVE-2024-47434 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47433 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47432 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47431 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47430 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47429 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47428 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47427 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-47426 | High | 7.8 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user.
CVE-2024-49521 | High | 7.7 | | 2024-11-12 | Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass.
CVE-2024-47440 | Medium | 5.5 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-47439 | Medium | 5.5 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.
CVE-2024-47438 | Medium | 5.5 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak.
CVE-2024-47437 | Medium | 5.5 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-47436 | Medium | 5.5 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.
CVE-2024-47435 | Medium | 5.5 | | 2024-11-12 | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

Siemens · 22 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-44102 | Critical | 10.0 | | 2024-11-12 | A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions…
CVE-2024-46888 | Critical | 9.9 | | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
CVE-2024-46890 | Critical | 9.1 | | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
CVE-2024-47808 | High | 8.4 | | 2024-11-12 | A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1).
CVE-2024-47941 | High | 7.8 | | 2024-11-12 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9).
CVE-2024-47940 | High | 7.8 | | 2024-11-12 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9).
CVE-2024-47783 | High | 7.8 | | 2024-11-12 | A vulnerability has been identified in SIPORT (All versions < V3.4.0).
CVE-2024-29119 | High | 7.8 | | 2024-11-12 | A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3).
CVE-2024-50310 | High | 7.5 | | 2024-11-12 | A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50).
CVE-2024-47942 | High | 7.3 | | 2024-11-12 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9).
CVE-2023-32736 | High | 7.3 | | 2024-11-12 | A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18…
CVE-2024-50572 | High | 7.2 | | 2024-11-12 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8…
CVE-2024-50557 | High | 7.2 | | 2024-11-12 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8…
CVE-2024-36140 | Medium | 6.8 | | 2024-11-12 | A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2).
CVE-2024-46894 | Medium | 6.3 | | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
CVE-2024-46891 | Medium | 5.3 | | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
CVE-2024-46889 | Medium | 5.3 | | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
CVE-2024-46892 | Medium | 4.9 | | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
CVE-2024-50561 | Medium | 4.3 | | 2024-11-12 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8…
CVE-2024-50559 | Medium | 4.3 | | 2024-11-12 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8…
CVE-2024-50558 | Medium | 4.3 | | 2024-11-12 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8…
CVE-2024-50560 | Low | 3.1 | | 2024-11-12 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8…

Lopalopa · 20 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-50823 | Critical | 9.8 | | 2024-11-14 | A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
CVE-2024-50833 | Critical | 9.8 | | 2024-11-14 | A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.
CVE-2024-50831 | High | 7.2 | | 2024-11-14 | A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.
CVE-2024-50830 | High | 7.2 | | 2024-11-14 | A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.
CVE-2024-50829 | High | 7.2 | | 2024-11-14 | A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.
CVE-2024-50828 | High | 7.2 | | 2024-11-14 | A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.
CVE-2024-50827 | High | 7.2 | | 2024-11-14 | A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.
CVE-2024-50826 | High | 7.2 | | 2024-11-14 | A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.
CVE-2024-50825 | High | 7.2 | | 2024-11-14 | A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.
CVE-2024-50824 | High | 7.2 | | 2024-11-14 | A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
CVE-2024-50835 | High | 7.2 | | 2024-11-14 | A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters.
CVE-2024-50834 | High | 7.2 | | 2024-11-14 | A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters.
CVE-2024-50832 | High | 7.2 | | 2024-11-14 | A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.
CVE-2024-50838 | Medium | 5.4 | | 2024-11-14 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0.
CVE-2024-50837 | Medium | 5.4 | | 2024-11-14 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0.
CVE-2024-50842 | Medium | 5.4 | | 2024-11-14 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0.
CVE-2024-50841 | Medium | 5.4 | | 2024-11-14 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0.
CVE-2024-50840 | Medium | 5.4 | | 2024-11-14 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0.
CVE-2024-50839 | Medium | 5.4 | | 2024-11-14 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0.
CVE-2024-50836 | Medium | 4.8 | | 2024-11-14 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0.

Fortinet · 17 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-36513 | High | 8.2 | | 2024-11-12 | A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.
CVE-2024-47574 | High | 7.8 | | 2024-11-13 | An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker to execute arbitra…
CVE-2024-40592 | High | 7.5 | | 2024-11-12 | An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap th…
CVE-2024-23666 | High | 7.5 | | 2024-11-12 | A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7…
CVE-2023-50176 | High | 7.5 | | 2024-11-12 | A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link.
CVE-2024-36507 | High | 7.3 | | 2024-11-12 | An untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering.
CVE-2024-32118 | Medium | 6.7 | | 2024-11-12 | Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 throug…
CVE-2024-31496 | Medium | 6.7 | | 2024-11-12 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows…
CVE-2024-33505 | Medium | 5.6 | | 2024-11-12 | A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0…
CVE-2023-47543 | Medium | 5.4 | | 2024-11-12 | An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with resources of other organizations via HTTP or HTTPS requests.
CVE-2024-26011 | Medium | 5.3 | | 2024-11-12 | A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiPr…
CVE-2024-32116 | Medium | 5.1 | | 2024-11-12 | Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before…
CVE-2024-32117 | Medium | 4.9 | | 2024-11-12 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & Fort…
CVE-2024-33510 | Medium | 4.3 | | 2024-11-12 | An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 an…
CVE-2024-36509 | Medium | 4.2 | | 2024-11-12 | An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allo…
CVE-2023-44255 | Medium | 4.1 | | 2024-11-12 | An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permi…
CVE-2024-35274 | Low | 2.3 | | 2024-11-12 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version…

Nextcloud · 17 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52508 | High | 8.2 | | 2024-11-15 | Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform.
CVE-2024-52511 | Medium | 6.3 | | 2024-11-15 | Nextcloud Tables allows users to create tables with individual columns.
CVE-2024-52520 | Medium | 5.7 | | 2024-11-15 | Nextcloud Server is a self hosted personal cloud system.
CVE-2024-52515 | Medium | 5.7 | | 2024-11-15 | Nextcloud Server is a self hosted personal cloud system.
CVE-2024-52523 | Medium | 4.6 | | 2024-11-15 | Nextcloud Server is a self hosted personal cloud system.
CVE-2024-52517 | Medium | 4.6 | | 2024-11-15 | Nextcloud Server is a self hosted personal cloud system.
CVE-2024-52518 | Medium | 4.4 | | 2024-11-15 | Nextcloud Server is a self hosted personal cloud system.
CVE-2024-52510 | Medium | 4.2 | | 2024-11-15 | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer.
CVE-2024-52514 | Medium | 4.1 | | 2024-11-15 | Nextcloud Server is a self hosted personal cloud system.
CVE-2024-52509 | Low | 3.5 | | 2024-11-15 | Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform.
CVE-2024-52507 | Low | 3.5 | | 2024-11-15 | Nextcloud Tables allows users to create tables with individual columns.
CVE-2024-52512 | Low | 3.3 | | 2024-11-15 | user_oidc app is an OpenID Connect user backend for Nextcloud.
CVE-2024-52516 | Low | 3.0 | | 2024-11-15 | Nextcloud Server is a self hosted personal cloud system.
CVE-2024-52519 | Low | 2.7 | | 2024-11-15 | Nextcloud Server is a self hosted personal cloud system.
CVE-2024-52513 | Low | 2.6 | | 2024-11-15 | Nextcloud Server is a self hosted personal cloud system.
CVE-2024-52521 | Low | 2.6 | | 2024-11-15 | Nextcloud Server is a self hosted personal cloud system.
CVE-2024-52525 | Low | 1.8 | | 2024-11-15 | Nextcloud Server is a self hosted personal cloud system.

Intel · 14 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-36482 | High | 8.2 | | 2024-11-13 | Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-32483 | High | 8.2 | | 2024-11-13 | Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-41167 | High | 7.5 | | 2024-11-13 | Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-39609 | High | 7.5 | | 2024-11-13 | Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-36488 | High | 7.3 | | 2024-11-13 | Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-29079 | Medium | 6.8 | | 2024-11-13 | Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36294 | Medium | 6.7 | | 2024-11-13 | Insecure inherited permissions for some Intel(R) DSA software before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36276 | Medium | 6.7 | | 2024-11-13 | Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36245 | Medium | 6.7 | | 2024-11-13 | Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-23198 | Medium | 6.6 | | 2024-11-13 | Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
CVE-2024-37027 | Medium | 6.1 | | 2024-11-13 | Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-28049 | Medium | 5.7 | | 2024-11-13 | Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent access.
CVE-2024-32485 | Low | 3.9 | | 2024-11-13 | Improper Input Validation in some Intel(R) VROC software before version 8.6.0.2003 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-25563 | Low | 3.4 | | 2024-11-13 | Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosure via local access.

Librenms · 13 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-49754 | High | 7.5 | | 2024-11-15 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.
CVE-2024-52526 | Medium | 4.8 | | 2024-11-15 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.
CVE-2024-51497 | Medium | 4.8 | | 2024-11-15 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.
CVE-2024-51496 | Medium | 4.8 | | 2024-11-15 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.
CVE-2024-51495 | Medium | 4.8 | | 2024-11-15 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.
CVE-2024-51494 | Medium | 4.8 | | 2024-11-15 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.
CVE-2024-50355 | Medium | 4.8 | | 2024-11-15 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.
CVE-2024-50352 | Medium | 4.8 | | 2024-11-15 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.
CVE-2024-50351 | Medium | 4.8 | | 2024-11-15 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.
CVE-2024-50350 | Medium | 4.8 | | 2024-11-15 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.
CVE-2024-49764 | Medium | 4.8 | | 2024-11-15 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.
CVE-2024-49759 | Medium | 4.8 | | 2024-11-15 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.
CVE-2024-49758 | Medium | 4.8 | | 2024-11-15 | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.

Amd · 11 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21976 | High | 8.8 | | 2024-11-12 | Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.
CVE-2024-21975 | High | 8.8 | | 2024-11-12 | Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.
CVE-2024-21974 | High | 8.8 | | 2024-11-12 | Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.
CVE-2024-21958 | High | 7.3 | | 2024-11-12 | Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-21957 | High | 7.3 | | 2024-11-12 | Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-21946 | High | 7.3 | | 2024-11-12 | Incorrect default permissions in the AMD Ryzen™ Master Utility installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-21945 | High | 7.3 | | 2024-11-12 | Incorrect default permissions in the AMD Ryzen™ Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-21939 | High | 7.3 | | 2024-11-12 | Incorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-21938 | High | 7.3 | | 2024-11-12 | Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary cod…
CVE-2024-21937 | High | 7.3 | | 2024-11-12 | Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-21949 | Medium | 5.5 | | 2024-11-12 | Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with an unexpected size, potentially leading to a system crash.

Glpi-project · 11 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-40638 | High | 8.1 | | 2024-11-15 | GLPI is a free asset and IT management software package.
CVE-2024-45610 | Medium | 6.5 | | 2024-11-15 | GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing.
CVE-2024-45609 | Medium | 6.5 | | 2024-11-15 | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
CVE-2024-45608 | Medium | 6.5 | | 2024-11-15 | GLPI is a free asset and IT management software package.
CVE-2024-43418 | Medium | 6.5 | | 2024-11-15 | GLPI is a free asset and IT management software package.
CVE-2024-43417 | Medium | 6.5 | | 2024-11-15 | GLPI is a free asset and IT management software package.
CVE-2024-41679 | Medium | 6.5 | | 2024-11-15 | GLPI is a free asset and IT management software package.
CVE-2024-41678 | Medium | 6.5 | | 2024-11-15 | GLPI is a free asset and IT management software package.
CVE-2024-45611 | Medium | 5.7 | | 2024-11-15 | GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing.
CVE-2024-38370 | Medium | 5.3 | | 2024-11-15 | GLPI is a free asset and IT management software package.
CVE-2024-47759 | Medium | 4.8 | | 2024-11-15 | GLPI is a free Asset and IT management software package.

Anisha · 10 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11241 | High | 7.3 | | 2024-11-15 | A vulnerability was found in code-projects Job Recruitment 1.0.
CVE-2024-11099 | High | 7.3 | | 2024-11-12 | A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical.
CVE-2024-11077 | High | 7.3 | | 2024-11-11 | A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0.
CVE-2024-11245 | Medium | 6.3 | | 2024-11-15 | A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0.
CVE-2024-11244 | Medium | 6.3 | | 2024-11-15 | A vulnerability classified as critical was found in code-projects Farmacia 1.0.
CVE-2024-11127 | Medium | 6.3 | | 2024-11-12 | A vulnerability was found in code-projects Job Recruitment up to 1.0.
CVE-2024-11076 | Medium | 6.3 | | 2024-11-11 | A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0.
CVE-2024-50969 | Medium | 6.1 | | 2024-11-13 | A Reflected cross-site scripting (XSS) vulnerability in browse.php of Code-projects Jonnys Liquor 1.0 allows remote attackers to inject arbitrary web scripts or HTML via the search parameter.
CVE-2024-11246 | Low | 3.5 | | 2024-11-15 | A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0.
CVE-2024-11078 | Low | 3.5 | | 2024-11-11 | A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic.

Hewlett Packard Enterprise (Hpe) · 9 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-24459 | Medium | 5.9 | | 2024-11-15 | An invalid memory access when handling the ProtocolIE_ID field of S1Setup Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sen…
CVE-2024-24458 | Medium | 5.9 | | 2024-11-15 | An invalid memory access when handling the ENB Configuration Transfer messages containing invalid PLMN Identities in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiat…
CVE-2024-24457 | Medium | 5.9 | | 2024-11-15 | An invalid memory access when handling the ProtocolIE_ID field of E-RAB Setup List Context SURes messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating conn…
CVE-2024-24455 | Medium | 5.9 | | 2024-11-15 | An invalid memory access when handling a UE Context Release message containing an invalid UE identifier in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connec…
CVE-2024-24454 | Medium | 5.9 | | 2024-11-15 | An invalid memory access when handling the ProtocolIE_ID field of E-RAB Modify Request messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections an…
CVE-2024-24453 | Medium | 5.9 | | 2024-11-15 | An invalid memory access when handling the ProtocolIE_ID field of E-RAB NotToBeModifiedBearerModInd information element in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly i…
CVE-2024-24452 | Medium | 5.9 | | 2024-11-15 | An invalid memory access when handling the ProtocolIE_ID field of E-RAB Release Indication messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connection…
CVE-2024-51765 | Medium | 5.5 | | 2024-11-15 | A security vulnerability has been identified in HPE Cray Data Virtualization Service (DVS).
CVE-2024-51764 | Medium | 5.5 | | 2024-11-15 | A security vulnerability has been identified in HPE Data Management Framework (DMF) Suite (CXFS).

Moodle · 9 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43439 | Medium | 5.4 | | 2024-11-11 | A flaw was found in moodle.
CVE-2024-43437 | Medium | 5.4 | | 2024-11-11 | A flaw was found in moodle.
CVE-2024-43435 | Medium | 5.3 | | 2024-11-11 | A flaw was found in moodle.
CVE-2024-43433 | Medium | 5.3 | | 2024-11-11 | A flaw was found in moodle.
CVE-2024-43432 | Medium | 5.3 | | 2024-11-11 | A flaw was found in moodle.
CVE-2024-43430 | Medium | 5.3 | | 2024-11-11 | A flaw was found in moodle.
CVE-2024-43429 | Medium | 5.3 | | 2024-11-11 | A flaw was found in moodle.
CVE-2024-48900 | Medium | 4.3 | | 2024-11-13 | A vulnerability was found in Moodle.
CVE-2024-43427 | Low | 3.7 | | 2024-11-11 | A flaw was found in moodle.

Baxter · 8 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-48967 | Critical | 10.0 | | 2024-11-14 | The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination.
CVE-2024-48966 | Critical | 10.0 | | 2024-11-14 | The software tools used by service personnel to test & calibrate the ventilator do not support user authentication.
CVE-2024-48974 | Critical | 9.3 | | 2024-11-14 | The ventilator does not perform proper file integrity checks when adopting firmware updates.
CVE-2024-48973 | Critical | 9.3 | | 2024-11-14 | The debug port on the ventilator's serial interface is enabled by default.
CVE-2024-48971 | Critical | 9.3 | | 2024-11-14 | The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form.
CVE-2024-48970 | Critical | 9.3 | | 2024-11-14 | The ventilator's microcontroller lacks memory protection.
CVE-2024-9834 | Critical | 9.3 | | 2024-11-14 | Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
CVE-2024-9832 | Critical | 9.3 | | 2024-11-14 | There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password.

Ibm · 8 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-41784 | High | 7.5 | | 2024-11-15 | IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system.
CVE-2024-45088 | Medium | 6.4 | | 2024-11-11 | IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting.
CVE-2024-41785 | Medium | 6.1 | | 2024-11-15 | IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting.
CVE-2024-43189 | Medium | 5.9 | | 2024-11-15 | IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
CVE-2024-45670 | Medium | 5.6 | | 2024-11-14 | IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism.
CVE-2024-45642 | Medium | 5.3 | | 2024-11-14 | IBM Security ReaQta 3.12 is vulnerable to cross-site scripting.
CVE-2024-45087 | Medium | 4.8 | | 2024-11-11 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting.
CVE-2024-45099 | Low | 3.1 | | 2024-11-14 | IBM Security ReaQta 3.12 is vulnerable to cross-site scripting.

Palo Alto Networks · 8 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-2551 | High | 7.5 | | 2024-11-14 | A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of ser…
CVE-2024-2550 | High | 7.5 | | 2024-11-14 | A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that ca…
CVE-2024-5919 | Medium | 6.5 | | 2024-11-14 | A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server.
CVE-2024-2552 | Medium | 6.0 | | 2024-11-14 | A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.
CVE-2024-5917 | Medium | 4.9 | | 2024-11-14 | A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwi…
CVE-2024-5920 | Medium | 4.8 | | 2024-11-14 | A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node.
CVE-2024-5918 | Medium | 4.3 | | 2024-11-14 | An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a diff…
CVE-2024-9472 | | | | 2024-11-14 | A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS b…

Ampache · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51487 | High | 8.1 | | 2024-11-11 | Ampache is a web based audio/video streaming application and file manager.
CVE-2024-51485 | High | 8.1 | | 2024-11-11 | Ampache is a web based audio/video streaming application and file manager.
CVE-2024-51484 | High | 8.1 | | 2024-11-11 | Ampache is a web based audio/video streaming application and file manager.
CVE-2024-51490 | Medium | 5.5 | | 2024-11-11 | Ampache is a web based audio/video streaming application and file manager.
CVE-2024-51486 | Medium | 5.5 | | 2024-11-11 | Ampache is a web based audio/video streaming application and file manager.
CVE-2024-51489 | Medium | 5.4 | | 2024-11-11 | Ampache is a web based audio/video streaming application and file manager.
CVE-2024-51488 | Medium | 5.4 | | 2024-11-11 | Ampache is a web based audio/video streaming application and file manager.

D-Link · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11068 | Critical | 9.8 | | 2024-11-11 | The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using…
CVE-2024-11067 | High | 7.5 | | 2024-11-11 | The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
CVE-2024-11066 | High | 7.2 | | 2024-11-11 | The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page.
CVE-2024-11065 | High | 7.2 | | 2024-11-11 | The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
CVE-2024-11064 | High | 7.2 | | 2024-11-11 | The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
CVE-2024-11063 | High | 7.2 | | 2024-11-11 | The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.
CVE-2024-11062 | High | 7.2 | | 2024-11-11 | The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

Freebsd · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51564 | High | 7.5 | | 2024-11-12 | A guest can trigger an infinite loop in the hda audio driver.
CVE-2024-45289 | High | 7.5 | | 2024-11-12 | The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname.
CVE-2024-51566 | Medium | 6.5 | | 2024-11-12 | The NVMe driver queue processing is vulnerable to guest-induced infinite loops.
CVE-2024-51565 | Medium | 6.5 | | 2024-11-12 | The hda driver is vulnerable to a buffer over-read from a guest-controlled value.
CVE-2024-51563 | Medium | 6.5 | | 2024-11-12 | The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition.
CVE-2024-51562 | Medium | 6.5 | | 2024-11-12 | The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value.
CVE-2024-39281 | Medium | 5.3 | | 2024-11-12 | The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator.

Justdan96 · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-49778 | High | 8.8 | | 2024-11-14 | A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.
CVE-2024-49777 | High | 8.8 | | 2024-11-14 | A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file.
CVE-2024-41209 | High | 8.8 | | 2024-11-14 | A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.
CVE-2024-49776 | Medium | 6.5 | | 2024-11-14 | A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file.
CVE-2024-41217 | Medium | 6.5 | | 2024-11-14 | A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file.
CVE-2024-41206 | Medium | 6.5 | | 2024-11-14 | A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file.
CVE-2024-52613 | Medium | 5.5 | | 2024-11-14 | A heap-based buffer under-read in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) via a crafted MOV video file.

Sap_se · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-47590 | High | 8.8 | | 2024-11-12 | An unauthenticated attacker can create a malicious link which they can make publicly available.
CVE-2024-42372 | Medium | 6.5 | | 2024-11-12 | Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the applicat…
CVE-2024-47592 | Medium | 5.3 | | 2024-11-12 | SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs.
CVE-2024-47586 | Medium | 5.3 | | 2024-11-12 | SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel.
CVE-2024-47588 | Medium | 4.7 | | 2024-11-12 | In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file.
CVE-2024-47593 | Medium | 4.3 | | 2024-11-12 | SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted. This attack is possible only if a Web Dispatcher or some sort of Proxy Server i…
CVE-2024-47587 | Low | 3.5 | | 2024-11-12 | Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application.

Schneider Electric · 7 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10575 | Critical | 9.8 | | 2024-11-13 | CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.
CVE-2024-8938 | High | 8.1 | | 2024-11-13 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus fu…
CVE-2024-9409 | High | 7.5 | | 2024-11-13 | CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the network.
CVE-2024-8935 | High | 7.5 | | 2024-11-13 | CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller and the enginee…
CVE-2024-8933 | High | 7.5 | | 2024-11-13 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integri…
CVE-2024-8937 | Medium | 6.5 | | 2024-11-13 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by sending a crafted Modbus fu…
CVE-2024-8936 | Medium | 6.5 | | 2024-11-13 | CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memor…

Grand Vice Info · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11020 | Critical | 9.8 | | 2024-11-11 | Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2024-11018 | Critical | 9.8 | | 2024-11-11 | Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server.
CVE-2024-11016 | Critical | 9.8 | | 2024-11-11 | Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2024-11017 | High | 8.8 | | 2024-11-11 | Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server.
CVE-2024-11019 | Medium | 6.1 | | 2024-11-11 | Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques.
CVE-2024-11021 | Medium | 5.4 | | 2024-11-11 | Webopac from Grand Vice info has a Stored Cross-site Scripting vulnerability.

Jenkins · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52554 | High | 8.8 | | 2024-11-13 | Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission…
CVE-2024-52553 | High | 8.8 | | 2024-11-13 | Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.
CVE-2024-52552 | High | 8.0 | | 2024-11-13 | Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Conf…
CVE-2024-52551 | High | 8.0 | | 2024-11-13 | Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to res…
CVE-2024-52550 | High | 8.0 | | 2024-11-13 | Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild…
CVE-2024-52549 | Medium | 4.3 | | 2024-11-13 | Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/R…

Linuxfoundation · 6 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2022-31670 | High | 7.7 | | 2024-11-14 | Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to…
CVE-2022-31666 | High | 7.7 | | 2024-11-14 | Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.
CVE-2022-31671 | High | 7.4 | | 2024-11-14 | Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs.
CVE-2022-31668 | High | 7.4 | | 2024-11-14 | Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the at…
CVE-2022-31669 | Medium | 6.4 | | 2024-11-14 | Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have acces…
CVE-2022-31667 | Medium | 6.4 | | 2024-11-14 | Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robo…

1000 Projects · 5 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11258 | High | 7.3 | | 2024-11-15 | A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0.
CVE-2024-11257 | High | 7.3 | | 2024-11-15 | A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0.
CVE-2024-11256 | High | 7.3 | | 2024-11-15 | A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical.
CVE-2024-11100 | High | 7.3 | | 2024-11-12 | A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0.
CVE-2024-11101 | Medium | 4.7 | | 2024-11-12 | A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0.

Apache · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-50306 | Critical | 9.1 | | 2024-11-14 | Unchecked return value can allow Apache Traffic Server to retain privileges on startup. |
| CVE-2024-50386 | High | 8.5 | | 2024-11-12 | Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. |
| CVE-2024-45784 | High | 7.5 | | 2024-11-15 | Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. |
| CVE-2024-50305 | High | 7.5 | | 2024-11-14 | Valid Host header field can cause Apache Traffic Server to crash on some platforms. |
| CVE-2024-38479 | High | 7.5 | | 2024-11-14 | Improper Input Validation vulnerability in Apache Traffic Server. |

Cybelesoft · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-40404 | Critical | 9.8 | | 2024-11-13 | Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established. |
| CVE-2024-40405 | High | 8.1 | | 2024-11-13 | Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request. |
| CVE-2024-40407 | High | 7.5 | | 2024-11-13 | A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to obtain the root path of the application via unspecified vectors. |
| CVE-2024-40408 | High | 7.3 | | 2024-11-13 | Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. |
| CVE-2024-40410 | Medium | 4.8 | | 2024-11-13 | Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption. |

Dell · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-49560 | High | 7.8 | | 2024-11-12 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. |
| CVE-2024-49558 | High | 7.8 | | 2024-11-12 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. |
| CVE-2024-49557 | High | 7.8 | | 2024-11-12 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. |
| CVE-2024-48837 | High | 7.8 | | 2024-11-12 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. |
| CVE-2024-48838 | Low | 3.3 | | 2024-11-12 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. |

Gitlab · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9693 | High | 8.5 | | 2024-11-14 | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes a… |
| CVE-2024-7404 | Medium | 6.8 | | 2024-11-14 | An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as t… |
| CVE-2024-8648 | Medium | 6.1 | | 2024-11-14 | An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. |
| CVE-2024-8180 | Medium | 5.4 | | 2024-11-14 | An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. |
| CVE-2024-9633 | Low | 3.1 | | 2024-11-14 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. |

Kognetiks · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-10684 | Medium | 6.1 | | 2024-11-13 | The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. |
| CVE-2024-10531 | Medium | 5.3 | | 2024-11-13 | The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_assistant() function in all versions up to, and including, 2.1.7. |
| CVE-2024-10529 | Medium | 5.3 | | 2024-11-13 | The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_assistant() function in all versions up to, and including, 2.1.7. |
| CVE-2024-11143 | Medium | 4.3 | | 2024-11-13 | The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. |
| CVE-2024-10530 | Medium | 4.3 | | 2024-11-13 | The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to, and including, 2.1.7. |

Mayurik · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-11212 | Medium | 6.3 | | 2024-11-14 | A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. |
| CVE-2024-11214 | Medium | 4.7 | | 2024-11-14 | A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical. |
| CVE-2024-11213 | Medium | 4.7 | | 2024-11-14 | A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. |
| CVE-2024-11073 | Medium | 4.3 | | 2024-11-11 | A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. |
| CVE-2024-11102 | Low | 3.5 | | 2024-11-12 | A vulnerability was found in SourceCodester Hospital Management System 1.0. |

Rockwell Automation · 5 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-10943 | Critical | 9.1 | | 2024-11-12 | An authentication bypass vulnerability exists in the affected product. |
| CVE-2024-10944 | High | 8.4 | | 2024-11-12 | A Remote Code Execution vulnerability exists in the affected product. |
| CVE-2024-6068 | High | 7.3 | | 2024-11-14 | A memory corruption vulnerability exists in the affected products when parsing DFT files. |
| CVE-2024-10945 | High | 7.3 | | 2024-11-12 | A Local Privilege Escalation vulnerability exists in the affected product. |
| CVE-2024-37365 | High | 7.3 | | 2024-11-12 | A remote code execution vulnerability exists in the affected product. |

Ami · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-33658 | High | 7.8 | | 2024-11-12 | APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. |
| CVE-2024-42442 | High | 7.2 | | 2024-11-12 | APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. |
| CVE-2024-2315 | High | 7.1 | | 2024-11-12 | APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. |
| CVE-2024-33660 | Medium | 4.3 | | 2024-11-12 | An exploit is possible where an actor with physical access can manipulate SPI flash without being detected. |

Citrix · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8535 | High | 8.1 | | 2024-11-12 | Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to acce… |
| CVE-2024-8534 | High | 8.1 | | 2024-11-12 | Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Ga… |
| CVE-2024-8069 | High | 8.0 | KEV | 2024-11-12 | Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server |
| CVE-2024-8068 | High | 8.0 | KEV | 2024-11-12 | Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain |

Code-projects · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-11250 | Medium | 6.3 | | 2024-11-15 | A vulnerability was found in code-projects Inventory Management up to 1.0. |
| CVE-2024-11096 | Medium | 6.3 | | 2024-11-12 | A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. |
| CVE-2024-11243 | Medium | 4.3 | | 2024-11-15 | A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. |
| CVE-2024-11259 | Low | 3.5 | | 2024-11-15 | A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0. |

Debian · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-49369 | Critical | 9.8 | | 2024-11-12 | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. |
| CVE-2024-52533 | Critical | 9.8 | | 2024-11-11 | gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. |
| CVE-2024-52301 | High | 7.5 | | 2024-11-12 | Laravel is a web application framework. |
| CVE-2024-10978 | Medium | 4.2 | | 2024-11-14 | Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. |

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-28729 | Critical | 9.8 | | 2024-11-12 | An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. |
| CVE-2024-51186 | High | 8.0 | | 2024-11-11 | D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. |
| CVE-2024-28730 | Medium | 5.4 | | 2024-11-12 | Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module. |
| CVE-2024-28731 | Medium | 4.3 | | 2024-11-12 | Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option. |

Lunary · 4 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-3502 | High | 8.1 | | 2024-11-14 | In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. |
| CVE-2024-3501 | High | 8.1 | | 2024-11-14 | In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. |
| CVE-2024-3379 | High | 8.1 | | 2024-11-14 | In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. |
| CVE-2024-3760 | High | 7.5 | | 2024-11-14 | In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. |

51mis · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-11122 | Medium | 6.3 | | 2024-11-12 | A vulnerability, which was classified as critical, has been found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. |
| CVE-2024-11121 | Medium | 6.3 | | 2024-11-12 | A vulnerability classified as critical was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. |
| CVE-2024-11123 | Medium | 4.3 | | 2024-11-12 | A vulnerability, which was classified as problematic, was found in 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3. |

Angeljudesuarez · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-50972 | High | 7.2 | | 2024-11-13 | A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter. |
| CVE-2024-50971 | High | 7.2 | | 2024-11-13 | A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter. |
| CVE-2024-11074 | Medium | 6.3 | | 2024-11-11 | A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. |

Apereo · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-11209 | Medium | 6.3 | | 2024-11-14 | A vulnerability was found in Apereo CAS 6.6. |
| CVE-2024-11207 | Medium | 4.3 | | 2024-11-14 | A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. |
| CVE-2024-11208 | Low | 3.7 | | 2024-11-14 | A vulnerability was found in Apereo CAS 6.6 and classified as problematic. |

Blackberry · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-51721 | High | 7.3 | | 2024-11-12 | A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would… |
| CVE-2024-51722 | Medium | 6.4 | | 2024-11-12 | A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts… |
| CVE-2024-51720 | Medium | 4.8 | | 2024-11-12 | An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account… |

Chatwoot · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2021-3742 | High | 8.8 | | 2024-11-15 | A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. |
| CVE-2021-3740 | Medium | 6.8 | | 2024-11-15 | A Session Fixation vulnerability exists in chatwoot/chatwoot versions prior to 2.4.0. |
| CVE-2021-3741 | Medium | 5.4 | | 2024-11-15 | A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. |

Craftcms · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-52291 | High | 8.4 | | 2024-11-13 | Craft is a content management system (CMS). |
| CVE-2024-52292 | High | 7.7 | | 2024-11-13 | Craft is a content management system (CMS). |
| CVE-2024-52293 | High | 7.2 | | 2024-11-13 | Craft is a content management system (CMS). |

Delta Electronics · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47131 | High | 7.8 | | 2024-11-11 | If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code. |
| CVE-2024-39605 | High | 7.8 | | 2024-11-11 | If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code. |
| CVE-2024-39354 | High | 7.8 | | 2024-11-11 | If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code. |

Gnome · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-52532 | High | 7.5 | | 2024-11-11 | GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. |
| CVE-2024-52530 | High | 7.5 | | 2024-11-11 | GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chun… |
| CVE-2024-52531 | Medium | 6.5 | | 2024-11-11 | GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. |

Helix · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-10345 | | | | 2024-11-11 | In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. |
| CVE-2024-10344 | | | | 2024-11-11 | In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. |
| CVE-2024-10314 | | | | 2024-11-11 | In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. |

Janeczku · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2021-3988 | Medium | 6.1 | | 2024-11-15 | A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. |
| CVE-2021-3987 | Medium | 4.3 | | 2024-11-15 | An improper access control vulnerability exists in janeczku/calibre-web. |
| CVE-2021-3986 | Medium | 4.3 | | 2024-11-15 | A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. |

Mutt · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-49393 | Medium | 6.5 | | 2024-11-12 | In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confi… |
| CVE-2024-49395 | Medium | 5.3 | | 2024-11-12 | In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. |
| CVE-2024-49394 | Medium | 5.3 | | 2024-11-12 | In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender. |

Northmule · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-10854 | Medium | 4.3 | | 2024-11-13 | The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions up to, and including, 2.2.9. |
| CVE-2024-10853 | Medium | 4.3 | | 2024-11-13 | The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9. |
| CVE-2024-10852 | Medium | 4.3 | | 2024-11-13 | The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to, and including, 2.2.9. |

Openafs · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-10397 | High | 7.8 | | 2024-11-14 | A malicious server can crash the OpenAFS cache manager and other client utilities, and possibly execute arbitrary code. |
| CVE-2024-10394 | High | 7.8 | | 2024-11-14 | A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credenti… |
| CVE-2024-10396 | Medium | 6.5 | | 2024-11-14 | An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. |

Progress · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-10013 | High | 7.8 | | 2024-11-13 | In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. |
| CVE-2024-7295 | High | 7.1 | | 2024-11-13 | In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. |
| CVE-2024-8049 | Medium | 6.5 | | 2024-11-13 | In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the applic… |

Razormist · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-11262 | Medium | 5.3 | | 2024-11-15 | A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as critical. |
| CVE-2024-11261 | Medium | 5.3 | | 2024-11-15 | A vulnerability, which was classified as critical, was found in SourceCodester Student Record Management System 1.0. |
| CVE-2024-11097 | Low | 3.3 | | 2024-11-12 | A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. |

Red Hat · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2022-2232 | High | 7.5 | | 2024-11-14 | A flaw was found in the Keycloak package. |
| CVE-2024-11079 | Medium | 5.5 | | 2024-11-12 | A flaw was found in Ansible-Core. |
| CVE-2024-11217 | Medium | 4.9 | | 2024-11-15 | A vulnerability was found in the OAuth-server. |

Royal-elementor-addons · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-9682 | Medium | 6.4 | | 2024-11-13 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and outpu… |
| CVE-2024-9668 | Medium | 6.4 | | 2024-11-13 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output e… |
| CVE-2024-9059 | Medium | 6.4 | | 2024-11-13 | The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping. |

Softbank Corp. · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-45827 | High | 8.0 | | 2024-11-12 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. |
| CVE-2024-29075 | Medium | 4.6 | | 2024-11-12 | Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. |
| CVE-2024-47799 | Low | 3.5 | | 2024-11-12 | Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. |

Vaemendis · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-47915 | High | 7.5 | | 2024-11-14 | VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2024-45254 | High | 7.5 | | 2024-11-14 | VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2024-47914 | Medium | 4.5 | | 2024-11-14 | VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF) |

Wpdeveloper · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-8979 | High | 8.0 | | 2024-11-15 | The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_conte… |
| CVE-2024-8961 | Medium | 6.4 | | 2024-11-15 | The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomore_items_text’ parameter in all versions up to, and i… |
| CVE-2024-8978 | Medium | 5.7 | | 2024-11-15 | The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_conte… |

Xwiki · 3 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-52300 | Critical | 9.0 | | 2024-11-13 | macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. |
| CVE-2024-52299 | High | 7.5 | | 2024-11-13 | macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. |
| CVE-2024-52298 | High | 7.5 | | 2024-11-13 | macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. |

Acronis · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-34014 | Medium | 5.5 | | 2024-11-11 | Arbitrary file overwrite during recovery due to improper symbolic link handling. |
| CVE-2024-34015 | Low | 3.3 | | 2024-11-11 | Sensitive information disclosure during file browsing due to improper symbolic link handling. |

Apple · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-11115 | High | 8.8 | | 2024-11-12 | Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. |
| CVE-2024-9843 | Medium | 5.0 | | 2024-11-12 | A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. |

Dompdf · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2021-3902 | Critical | 9.8 | | 2024-11-15 | An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. |
| CVE-2021-3838 | Critical | 9.8 | | 2024-11-15 | DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. |

Element-hq · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-51750 | Medium | 5.0 | | 2024-11-12 | Element is a Matrix web client built using the Matrix React SDK. |
| CVE-2024-51749 | Low | 3.5 | | 2024-11-12 | Element is a Matrix web client built using the Matrix React SDK. |

Eyoucms · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-11210 | Medium | 5.4 | | 2024-11-14 | A vulnerability was found in EyouCMS 1.51. |
| CVE-2024-11211 | Medium | 4.7 | | 2024-11-14 | A vulnerability classified as critical has been found in EyouCMS up to 1.6.7. |

Geeeeeeeek · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-50651 | Medium | 6.5 | | 2024-11-15 | java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter. |
| CVE-2024-50652 | Medium | 4.3 | | 2024-11-15 | A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function. |

Gotomain · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-52296 | Medium | 6.5 | | 2024-11-12 | libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. |
| CVE-2024-52288 | Medium | 5.1 | | 2024-11-11 | libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. |

Hcl Software · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-30133 | Medium | 5.3 | | 2024-11-12 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability. |
| CVE-2024-42188 | Low | 3.7 | | 2024-11-14 | HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. |

Kanboard · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-51748 | Critical | 9.1 | | 2024-11-11 | Kanboard is project management software that focuses on the Kanban methodology. |
| CVE-2024-51747 | Critical | 9.1 | | 2024-11-11 | Kanboard is project management software that focuses on the Kanban methodology. |

Landray · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-11238 | Medium | 6.5 | | 2024-11-15 | A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. |
| CVE-2024-11239 | Medium | 5.4 | | 2024-11-15 | A vulnerability has been found in Landray EKP up to 16.0 and classified as critical. |

Linux · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-50263 | Medium | 5.5 | | 2024-11-11 | In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. |
| CVE-2023-4458 | Medium | 4.0 | | 2024-11-14 | A flaw was found within the parsing of extended attributes in the kernel ksmbd module. |

Matrix-org · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-52505 | Medium | 5.4 | | 2024-11-14 | matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. |
| CVE-2024-50336 | | | | 2024-11-12 | matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. |

Mz-automation · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-45971 | Critical | 9.8 | | 2024-11-15 | Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the MMS IdentifyResponse message. |
| CVE-2024-45970 | Critical | 9.8 | | 2024-11-15 | Multiple Buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the MMS FileDirResponse message. |

Opensuse · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-49505 | Medium | 6.1 | | 2024-11-13 | A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters. |
| CVE-2024-49506 | | | | 2024-11-13 | Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem |

Phpipam · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-0787 | Medium | 5.9 | | 2024-11-15 | phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header. |
| CVE-2022-1226 | Medium | 4.8 | | 2024-11-15 | A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. |

Razorpay · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-10851 | Medium | 6.1 | | 2024-11-13 | The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. |
| CVE-2024-10850 | Medium | 6.1 | | 2024-11-13 | The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and includi… |

Sonatype · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-5082 | | | | 2024-11-14 | A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1. |
| CVE-2024-5083 | | | | 2024-11-14 | A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1. |

Sound Research · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-2208 | High | 8.8 | | 2024-11-12 | Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. |
| CVE-2024-2207 | Medium | 6.0 | | 2024-11-12 | Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. |

Suse · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2022-45157 | Critical | 9.1 | | 2024-11-13 | A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. |
| CVE-2024-49504 | | | | 2024-11-13 | grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. |

Tenda · 2 CVEs

| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2024-11248 | High | 8.8 | | 2024-11-15 | A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. |
| CVE-2024-11061 | High | 8.8 | | 2024-11-11 | A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. |

Tibco Software Inc · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10218 | - | - | - | 2024-11-12 | XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence
CVE-2024-10217 | - | - | - | 2024-11-12 | XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence

Vanquish · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11150 | Critical | 9.8 | - | 2024-11-13 | The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6.
CVE-2024-10800 | High | 8.8 | - | 2024-11-13 | The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 16.6.

Wpmonks · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52384 | Critical | 9.9 | - | 2024-11-14 | Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator allows Upload a Web Shell to a Web Server. This issue affects Sage AI: Cha…
CVE-2024-10717 | Medium | 6.5 | - | 2024-11-13 | The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and includi…

Yugabytedb · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11193 | Medium | 6.5 | - | 2024-11-13 | An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs.
CVE-2024-11165 | - | - | - | 2024-11-13 | An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response.

Zyxel · 2 CVEs

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-8881 | Medium | 6.8 | - | 2024-11-12 | A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute s…
CVE-2024-8882 | Medium | 4.5 | - | 2024-11-12 | A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) c…

07fly · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51156 | Medium | 4.7 | - | 2024-11-14 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'.

Adonesevangelista · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-50968 | High | 7.5 | - | 2024-11-14 | A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a product to the cart.

Advancedcustomfields · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9529 | Medium | 6.6 | - | 2024-11-15 | The Secure Custom Fields WordPress plugin before 6.3.9, Secure Custom Fields WordPress plugin before 6.3.6.3, Advanced Custom Fields Pro WordPress plugin before 6.3.9 does not prevent users from running arbitrary functions through its sett…

Advancedformintegration · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10877 | Medium | 6.1 | - | 2024-11-13 | The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including…

Airties · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9477 | Medium | 6.1 | - | 2024-11-13 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).

Aitool · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52383 | High | 7.5 | - | 2024-11-14 | Missing Authorization vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Auto Tool…

Algolplus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10828 | High | 8.1 | - | 2024-11-13 | The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized…

Andsonsdesign · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51837 | High | 8.5 | - | 2024-11-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sophia M Williams WP Contest wp-contest allows SQL Injection. This issue affects WP Contest: from n/a through <= 1.0.0.

Appointmind · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51679 | High | 7.1 | - | 2024-11-14 | Cross-Site Request Forgery (CSRF) vulnerability in gentlesource Appointmind appointmind allows Stored XSS. This issue affects Appointmind: from n/a through <= 4.0.0.

Appspace · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2021-27704 | Medium | 6.5 | - | 2024-11-12 | Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset page.

Arm · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9413 | High | 8.0 | - | 2024-11-13 | The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware.

Arttia Creative · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52375 | Critical | 10.0 | - | 2024-11-14 | Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative datasets-manager-by-arttia-creative. This issue affects Datasets Manager by Arttia Creative: from n/a through <= 1.5.

Ateeq Rafeeq · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51793 | Critical | 10.0 | - | 2024-11-11 | Unrestricted Upload of File with Dangerous Type vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Upload a Web Shell to a Web Server. This issue affects RepairBuddy: from n/a through <= 3.8115.

Autodesk · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9500 | High | 7.8 | - | 2024-11-15 | A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management.

Avigilon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-45253 | High | 7.5 | - | 2024-11-14 | Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Avovkdesign · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9578 | Medium | 5.3 | - | 2024-11-13 | The Hide Links plugin for WordPress is vulnerable to unauthorized shortcode execution due to do_shortcode being hooked through the comment_text filter in all versions up to and including 1.4.2.

Axelkeller · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10629 | High | 8.8 | - | 2024-11-13 | The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.9.

Ays-pro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10571 | Critical | 9.8 | - | 2024-11-14 | The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter.

Backpackforlaravel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52306 | High | 7.6 | - | 2024-11-13 | FileManager provides a Backpack admin interface for files and folder.

Bdthemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52377 | Critical | 10.0 | - | 2024-11-14 | Unrestricted Upload of File with Dangerous Type vulnerability in bdthemes Instant Image Generator ai-image allows Upload a Web Shell to a Web Server. This issue affects Instant Image Generator: from n/a through <= 1.5.2.

Blueglass · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10104 | Medium | 5.9 | - | 2024-11-15 | The Jobs for WordPress plugin before 2.7.8 does not sanitise and escape some of its Job settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks.

Boa Web Server · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-47916 | High | 7.5 | - | 2024-11-14 | Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Bosch Rexroth Ag · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-48989 | High | 7.5 | - | 2024-11-13 | A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages.

Broadcom · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7516 | High | 7.1 | - | 2024-11-12 | A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switc…

Bu · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52351 | Medium | 6.5 | - | 2024-11-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BU Web Team BU Slideshow bu-slideshow allows Stored XSS. This issue affects BU Slideshow: from n/a through <= 2.3.10.

Budgetcontrol · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52528 | - | - | - | 2024-11-15 | Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control.

Chamilo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51142 | Medium | 5.4 | - | 2024-11-15 | Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file.

Ciprian Popescu · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51684 | High | 7.1 | - | 2024-11-14 | Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu W3P SEO wp-perfect-plugin allows Stored XSS. This issue affects W3P SEO: from n/a through < 1.8.6.

Cleancoder · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-39610 | Medium | 6.1 | - | 2024-11-15 | Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026.

Clementine-player · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-50986 | High | 7.3 | - | 2024-11-15 | An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file.

Cli · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52308 | High | 8.0 | - | 2024-11-14 | The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands.

Cloud Foundry · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-38826 | - | - | - | 2024-11-11 | Authenticated users can upload specifically crafted files to leak server resources.

Cmanon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10038 | Medium | 6.1 | - | 2024-11-13 | The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping.

Cmorillas1 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10311 | High | 7.5 | - | 2024-11-15 | The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1.

Cmsminds · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52376 | Critical | 10.0 | - | 2024-11-14 | Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress boat-rental-system allows Upload a Web Shell to a Web Server. This issue affects Boat Rental Plugin for WordPress: from n/a through <…

Cool Plugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52354 | Medium | 6.5 | - | 2024-11-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cool Plugins Web Stories Widgets For Elementor shortcodes-for-amp-web-stories-and-elementor-widget allows Stored XSS. This issue affects W…

Craigk5n · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1097 | Medium | 5.4 | - | 2024-11-15 | A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0.

Crm2go · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52350 | Medium | 6.5 | - | 2024-11-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nrmendez CRM 2go crm2go allows DOM-Based XSS. This issue affects CRM 2go: from n/a through <= 1.0.

Crmeb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-50653 | High | 7.5 | - | 2024-11-15 | CRMEB <=5.4.0 is vulnerable to Incorrect Access Control.

Crocoblock · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10323 | Medium | 6.4 | - | 2024-11-12 | The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input sanitization and output escaping.

Cyberchimps · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52358 | Medium | 6.5 | - | 2024-11-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows DOM-Based XSS. This issue affects Responsive Addons for…

Dang Ngoc Binh · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51792 | Critical | 10.0 | - | 2024-11-11 | Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record audio-record allows Upload a Web Shell to a Web Server. This issue affects Audio Record: from n/a through <= 1.0.

Dataease · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52295 | Critical | 9.8 | - | 2024-11-13 | DataEase is an open source data visualization analysis tool.

Dataprom · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10534 | Critical | 9.8 | - | 2024-11-15 | Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection.

Decidim · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-45594 | High | 7.7 | - | 2024-11-13 | Decidim is a participatory democracy framework.

Decidim-ice · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-43415 | Critical | 9.0 | - | 2024-11-12 | An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to manipulate sql queries to disclose information…

Dedecms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11138 | Low | 2.7 | - | 2024-11-12 | A vulnerability classified as problematic has been found in DedeCMS 5.7.116.

Devolutions · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10971 | Medium | 4.3 | - | 2024-11-12 | Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission.

Digistar · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11126 | Low | 3.1 | - | 2024-11-12 | A vulnerability was found in Digistar AG-30 Plus 2.6b.

Dolibarr · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2021-3991 | Medium | 4.3 | - | 2024-11-15 | An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch.

Donnellc · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52371 | High | 8.6 | - | 2024-11-14 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DonnellC Global Gateway e4 | Payeezy Gateway | globe-gateway-e4. This issue affects Global Gateway e4 | Payeezy Gateway |: from n/a through <= 2…

Dothattask · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52374 | Critical | 10.0 | - | 2024-11-14 | Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task do-that-task allows Upload a Web Shell to a Web Server. This issue affects Do That Task: from n/a through <= 1.5.5.

Dotnetzip.semverd_project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-48510 | Critical | 9.8 | - | 2024-11-13 | Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer su…

Duongancol · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10794 | Medium | 4.3 | - | 2024-11-13 | The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included.

Easyphp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11215 | Medium | 6.5 | - | 2024-11-14 | Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1.

Eclipse · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10917 | Low | 3.7 | - | 2024-11-11 | In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around.

Ehues · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51882 | High | 8.5 | - | 2024-11-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopalkumar315 Gboy Custom Google Map gboy-custom-google-map allows Blind SQL Injection. This issue affects Gboy Custom Google Map: from n/…

Elastic · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-37285 | Critical | 9.1 | - | 2024-11-14 | A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload.

Emlog · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-50655 | Medium | 5.4 | - | 2024-11-15 | emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in published articles.

Engeniustech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-36061 | Critical | 9.8 | - | 2024-11-11 | EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection.

Eric Teubert · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52393 | Critical | 9.1 | - | 2024-11-14 | Deserialization of Untrusted Data vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress. This issue affects Podlove Podcast Publisher: from n/a through <= 4.1.15.

Ersatzpole · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51573 | Medium | 6.5 | - | 2024-11-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ersatzpole ML Responsive Audio player with playlist Shortcode mlr-audio allows Stored XSS. This issue affects ML Responsive Audio player w…

Erzhongxmu · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11251 | Medium | 6.3 | - | 2024-11-15 | A vulnerability was found in erzhongxmu Jeewms up to 20241108.

Fahadmahmood · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9835 | Medium | 4.8 | - | 2024-11-12 | The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.

Faizalbahasan · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52379 | Critical | 10.0 | - | 2024-11-14 | Unrestricted Upload of File with Dangerous Type vulnerability in faizalbahasan kineticPay for WooCommerce kineticpay-for-woocommerce allows Upload a Web Shell to a Web Server. This issue affects kineticPay for WooCommerce: from n/a through…

Fbtopcn · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10577 | Medium | 6.1 | - | 2024-11-13 | The 胖鼠采集(Fat Rat Collect) 微信知乎简书腾讯新闻列表分页采集, 还有自动采集、自动发布、自动标签、等多项功能。开源插件 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to missing escaping on a URL in all versions up to, and including, 2.7.3.

Fedoraproject · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-4134 | Medium | 5.5 | - | 2024-11-14 | A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel.

Fortra · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3334 | Medium | 4.3 | - | 2024-11-15 | A security bypass vulnerability exists in the Removable Media Encryption (RME) component of Digital Guardian Windows Agents prior to version 8.2.0.

Fraudlabspro · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51688 | High | 7.1 | - | 2024-11-14 | Cross-Site Request Forgery (CSRF) vulnerability in fraudlabspro FraudLabs Pro SMS Verification fraudlabs-pro-sms-verification allows Stored XSS. This issue affects FraudLabs Pro SMS Verification: from n/a through <= 1.10.1.

Fruitcakestudios · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51843 | High | 8.5 | - | 2024-11-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in fruitcakestudios Horsemanager fruitcake-horsemanager allows Blind SQL Injection. This issue affects Horsemanager: from n/a through <= 1.3.

Funnelkit · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9186 | High | 8.6 | - | 2024-11-14 | The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit WordPress plugin before 3.3.0 does not sanitize and escape the bwfan-track-id parameter before using it in a SQL statement, allowing…

Futuriowp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10695 | Medium | 4.3 | - | 2024-11-12 | The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.

Gabriel Serafini · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52353 | Medium | 6.5 | - | 2024-11-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gabriel Serafini Christian Science Bible Lesson Subjects christian-science-bible-lesson-subjects allows DOM-Based XSS. This issue affects…

Geekrmx · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51659 | High | 7.1 | - | 2024-11-14 | Cross-Site Request Forgery (CSRF) vulnerability in GeekRMX Twitter @Anywhere Plus twitter-anywhere-plus allows Stored XSS. This issue affects Twitter @Anywhere Plus: from n/a through <= 2.0.

Geovision · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11120 | Critical | 9.8 | KEV | 2024-11-15 | Certain EOL GeoVision devices have an OS Command Injection vulnerability.

Get-simple · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11125 | Medium | 4.3 | - | 2024-11-12 | A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic.

Getflightpath · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-50983 | Medium | 5.4 | - | 2024-11-15 | FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which allows authenticated remote attackers with administrative rights to inject arbitrary JavaScript in the web browser of a user by including a malicious payload into th…

Getumbrel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-49379 | - | - | - | 2024-11-13 | Umbrel is a home server OS for self-hosting.

Giskard-ai · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52524 | - | - | - | 2024-11-14 | Giskard is an evaluation and testing framework for AI systems.

Gliffy · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10315 | - | - | - | 2024-11-11 | In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6.

Gogs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-44625 | High | 8.8 | - | 2024-11-15 | Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.

Gpac · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-4679 | Medium | 5.5 | - | 2024-11-15 | A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38.

Grafana Labs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9476 | - | - | - | 2024-11-13 | A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant. This vulner…

Guchengwuyue · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-50648 | Critical | 9.8 | - | 2024-11-15 | yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files.

Hashthemes · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10802 | Medium | 5.3 | - | 2024-11-13 | The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7.

Hb Websol · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51790 | Critical | 10.0 | - | 2024-11-11 | Unrestricted Upload of File with Dangerous Type vulnerability in HB WEBSOL HB AUDIO GALLERY hb-audio-gallery allows Upload a Web Shell to a Web Server. This issue affects HB AUDIO GALLERY: from n/a through <= 3.0.

Henrik Hoff · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51658 | High | 7.1 | - | 2024-11-14 | Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Course Manager wp-course-manager allows Stored XSS. This issue affects WP Course Manager: from n/a through <= 1.3.

Hive Support · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52370 | Critical | 9.9 | - | 2024-11-14 | Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support allows Upload a Web Shell to a Web Server. This issue affects Hive Support: from n/a through <= 1.1.1.

Hyumika · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52355 | Medium | 6.5 | - | 2024-11-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MiKa OSM osm. This issue affects OSM: from n/a through <= 6.1.2.

Ibphoenix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11240 | Low | 3.5 | - | 2024-11-15 | A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic.

Icdsoft · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11028 | Critical | 9.8 | - | 2024-11-13 | The MultiManager WP – Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5.

Imartinez · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4343 | Critical | 9.8 | - | 2024-11-14 | A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0.

Itg Computer Technology · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7787 | - | - | - | 2024-11-14 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ITG Computer Technology vSRM Supplier Relationship Management System allows Reflected XSS, Cross-Site Scripting (XSS).

Jetbrains · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52555 | Medium | 6.3 | - | 2024-11-15 | In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script.

Jinher Network · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11060 | Medium | 6.3 | - | 2024-11-11 | A vulnerability classified as critical has been found in Jinher Network Collaborative Management Platform 金和数字化智能办公平台 1.0.

Johndarrel · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10825 | Medium | 6.1 | - | 2024-11-15 | The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping.

Joplin_project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-49362 | High | 7.7 | - | 2024-11-14 | Joplin is a free, open source note taking and to-do application.

Joshua Wolfe · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51788 | Critical | 10.0 | - | 2024-11-11 | Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory noveldesign-store-directory allows Upload a Web Shell to a Web Server. This issue affects The Novel Design Store Directory: from…

Kaminskym · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-8874 | Medium | 6.1 | - | 2024-11-13 | The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2…

Ketr · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51164 | Critical | 9.1 | - | 2024-11-15 | Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the…

Kimberlynorris · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-8985 | Medium | 6.4 | - | 2024-11-13 | The Social Proof (Testimonial) Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spslider-block shortcode in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output…

Kodcloud · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51037 | Medium | 5.3 | - | 2024-11-15 | An issue in kodbox v.1.52.04 and before allows a remote attacker to obtain sensitive information via the captcha feature in the password reset function.

Labs64 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52378 | High | 7.5 | - | 2024-11-14 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in labs64 DigiPass digipass allows Absolute Path Traversal. This issue affects DigiPass: from n/a through <= 0.3.0.

Leevio · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10538 | Medium | 6.4 | - | 2024-11-12 | The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.12.5 due to insufficient input sanitizat…

Lollms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-5125 | High | 7.3 | - | 2024-11-14 | parisneo/lollms-webui version 9.6 is vulnerable to Cross-Site Scripting (XSS) and Open Redirect due to inadequate input validation and processing of SVG files during the upload process.

Lqd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52357 | Medium | 6.5 | - | 2024-11-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lqd LIQUID BLOCKS liquid-blocks allows Stored XSS. This issue affects LIQUID BLOCKS: from n/a through <= 1.2.0.

Lsquared · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51820 | High | 8.5 | - | 2024-11-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wplsquared L Squared Hub WP l-squared-hub-wp-virtual-device allows SQL Injection. This issue affects L Squared Hub WP: from n/a through <=…

Made I.t. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51791 | Critical | 10.0 | - | 2024-11-11 | Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T.

Mailmunch · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9614 | Medium | 6.1 | - | 2024-11-13 | The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2.

Masterbip · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51571 | Medium | 6.5 | - | 2024-11-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masterbip MasterBip para Elementor masterbip-for-elementor allows DOM-Based XSS. This issue affects MasterBip para Elementor: from n/a thr…

Matthewmueller · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-21541 | High | 7.3 | - | 2024-11-13 | Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization.

Mcafee · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-25254 | Critical | 9.8 | - | 2024-11-11 | SuperScan v4.1 was discovered to contain a buffer overflow via the Hostname/IP parameter.

Md. Abdullah Al Masum · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51575 | Medium | 6.5 | | 2024-11-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md.

Mdaemon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11182 | Medium | 6.1 | KEV | 2024-11-15 | An XSS issue was discovered in MDaemon Email Server before version 24.5.1c.

Medmatech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52382 | Critical | 9.8 | | 2024-11-14 | Missing Authorization vulnerability in medmatech Matix Popup Builder medma-matix allows Privilege Escalation. This issue affects Matix Popup Builder: from n/a through <= 1.0.0.

Melapress · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10793 | High | 7.2 | | 2024-11-15 | The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping.

Mendix · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-50313 | Medium | 5.3 | | 2024-11-12 | A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mech…

Michelwppi · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9357 | Medium | 6.1 | | 2024-11-12 | The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization and output escaping.

Miloandrew · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52352 | Medium | 6.5 | | 2024-11-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in miloandrew Postcasa Shortcode postcasa allows DOM-Based XSS. This issue affects Postcasa Shortcode: from n/a through <= 1.0.

Mobisoft974 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10245 | Critical | 9.8 | | 2024-11-12 | The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.

Mongodb · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10921 | Medium | 6.8 | | 2024-11-14 | An authorized user may trigger crashes or receive the contents of buffer over-reads of Server memory by issuing specially crafted requests that construct malformed BSON in the MongoDB Server.

Mozilla · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11159 | Medium | 4.3 | | 2024-11-13 | Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.

Netapp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-3447 | Medium | 6.0 | | 2024-11-14 | A heap-based buffer overflow was found in the SDHCI device emulation of QEMU.

Nicejob · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10887 | Medium | 6.4 | | 2024-11-13 | The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes (nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories) in all versions up to, and including, 3.7.1…

Nomysoft Informatics · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-8074 | | | | 2024-11-12 | Missing Authentication for Critical Function, Missing Authorization vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users.

Open-emr · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-0875 | Medium | 4.8 | | 2024-11-15 | A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1.

Openbsd · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10934 | Critical | 9.8 | | 2024-11-15 | In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.

Openssl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4741 | High | 7.5 | | 2024-11-13 | Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use after free can have a range of potential consequences such as the corrupti…

Opentext™ · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10923 | | | | 2024-11-12 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ ALM Octane Management allows Stored XSS. The vulnerability could result in a remote code execution attack.

Optimal Access · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52369 | Critical | 9.9 | | 2024-11-14 | Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access KBucket kbucket allows Upload a Web Shell to a Web Server. This issue affects KBucket: from n/a through <= 4.2.2.

Orchidsoftware · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51992 | Medium | 4.1 | | 2024-11-11 | Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards.

Oretnom23 · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11247 | Low | 3.5 | | 2024-11-15 | A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic.

Osamataher · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52302 | | | | 2024-11-14 | common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically.

Pimcore · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-2332 | Medium | 4.8 | | 2024-11-15 | A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19.

Ping Identity · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-23983 | | | | 2024-11-11 | Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.

Platform.ly · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51687 | High | 7.1 | | 2024-11-14 | Cross-Site Request Forgery (CSRF) vulnerability in Platform.ly Platform.ly Official platformly allows Stored XSS. This issue affects Platform.ly Official: from n/a through <= 1.1.3.

Pluginus · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52396 | Medium | 4.9 | | 2024-11-14 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RealMag777 WOLF bulk-editor allows Path Traversal. This issue affects WOLF: from n/a through <= 1.0.8.3.

Poznan Supercomputing And Networking Center · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7124 | | | | 2024-11-14 | Improper Neutralization of Input During Web Page Generation vulnerability in DInGO dLibra software in the parameter 'filter' in the endpoint 'indexsearch' allows a Reflected Cross-Site Scripting (XSS).

Progress Software · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10012 | High | 7.8 | | 2024-11-13 | In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability.

Progress Software Corporation · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9999 | Medium | 6.5 | | 2024-11-12 | In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.

Project Worlds · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11059 | Medium | 6.3 | | 2024-11-11 | A vulnerability was found in Project Worlds Free Download Online Shopping System up to 192.168.1.88.

Psf · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1682 | Medium | 4.3 | | 2024-11-14 | An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file.

Public · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11175 | Low | 3.5 | | 2024-11-13 | A vulnerability was found in Public CMS 5.202406.d and classified as problematic.

Publiccms · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11070 | Low | 3.5 | | 2024-11-11 | A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d.

Pyload · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-1240 | Medium | 6.1 | | 2024-11-15 | An open redirection vulnerability exists in pyload/pyload version 0.5.0.

Python Software Foundation · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11168 | Low | 3.7 | | 2024-11-12 | The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture.

Qemu · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-7730 | High | 7.4 | | 2024-11-14 | A heap buffer overflow was found in the virtio-snd device in QEMU.

Qriouslad · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10790 | Medium | 5.4 | | 2024-11-12 | The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping.

Rclone · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52522 | | | | 2024-11-15 | Rclone is a command-line program to sync files and directories to and from different cloud storage providers.

Really Simple Plugins · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10924 | Critical | 9.8 | | 2024-11-15 | The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1.

Richteam · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51845 | High | 8.5 | | 2024-11-11 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in richteam Share Buttons – Social Media rich-web-share-button allows Blind SQL Injection. This issue affects Share Buttons – Social Media: f…

Rss_feed_widget_project · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9836 | Medium | 5.9 | | 2024-11-12 | The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and…

Salt · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-34049 | Medium | 6.7 | | 2024-11-14 | The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script.

Sap · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-47595 | Medium | 6.3 | | 2024-11-12 | An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access.

Scottpaterson · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10685 | Medium | 6.1 | | 2024-11-12 | The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escapin…

Shawfactor · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51572 | Medium | 6.5 | | 2024-11-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shawfactor LH QR Codes lh-qr-codes allows Stored XSS. This issue affects LH QR Codes: from n/a through <= 1.06.

Shoaib Rehmat · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52381 | High | 8.1 | | 2024-11-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Shoaib Rehmat ZIJ KART zij-kart allows PHP Local File Inclusion. This issue affects ZIJ KART: from n/a through <= 1.1.

Simple Goods · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51574 | Medium | 6.5 | | 2024-11-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Goods Simple Goods simple-goods allows Stored XSS. This issue affects Simple Goods: from n/a through <= 0.1.3.

Simplefilelist · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10146 | Medium | 5.4 | | 2024-11-14 | The Simple File List WordPress plugin before 6.1.13 does not sanitise and escape a generated URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against admins.

Smartwpress · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10582 | Medium | 4.3 | | 2024-11-15 | The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and incl…

Smub · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10593 | Medium | 4.3 | | 2024-11-13 | The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6.

Sodah · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10816 | High | 7.5 | | 2024-11-13 | The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file.

Softpulseinfotech · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52380 | Critical | 10.0 | | 2024-11-14 | Unrestricted Upload of File with Dangerous Type vulnerability in softpulseinfotech Picsmize picsmize allows Upload a Web Shell to a Web Server. This issue affects Picsmize: from n/a through <= 1.0.0.

Staxwp · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10778 | Medium | 4.3 | | 2024-11-13 | The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due to insufficient restrictions on which pos…

Stirling-tools · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52286 | | | | 2024-11-11 | Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files.

Sylius · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2021-3841 | Medium | 5.4 | | 2024-11-15 | sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files.

Symfony · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51996 | High | 7.5 | | 2024-11-13 | Symfony Process is a module for the Symfony PHP framework which executes commands in sub-processes.

Synology · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10443 | Critical | 9.8 | | 2024-11-15 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-079…

Tcl · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11136 | | | | 2024-11-14 | The default TCL Camera application exposes a provider vulnerable to path traversal vulnerability.

Team Devexhub · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52373 | Critical | 10.0 | | 2024-11-14 | Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery devexhub-gallery allows Upload a Web Shell to a Web Server. This issue affects Devexhub Gallery: from n/a through <= 2.0.1.

Tecno · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11206 | High | 7.5 | | 2024-11-14 | Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.

Themeisle · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10672 | Low | 2.7 | | 2024-11-12 | The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2.

Themeum · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10897 | Medium | 4.3 | | 2024-11-15 | The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5.

Thimpress · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9609 | Medium | 6.1 | | 2024-11-15 | The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'learnpress_import_form_server' parameter in all versions up to, and including, 4.0.4 due to ins…

Thinkaquamarine · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9426 | Medium | 6.4 | | 2024-11-13 | The Aqua SVG Sprite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.14 due to insufficient input sanitization and output escaping.

Timgeyssens · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11124 | Medium | 4.7 | | 2024-11-12 | A vulnerability has been found in TimGeyssens UIOMatic 5 and classified as critical.

Tobychui · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52010 | | | | 2024-11-12 | Zoraxy is a general purpose HTTP reverse proxy and forwarding tool.

Tolgee · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52297 | Critical | 9.8 | | 2024-11-12 | Tolgee is an open-source localization platform.

Tp-link · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11237 | High | 7.5 | | 2024-11-15 | A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021.

Tripetto · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10260 | High | 7.2 | | 2024-11-15 | The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.11 due to insufficient input sanitization and output escaping.

Tychesoftwares · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10882 | Medium | 6.1 | | 2024-11-13 | The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and inc…

Ujw0l · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-51789 | Critical | 10.0 | | 2024-11-11 | Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify image-classify allows Upload a Web Shell to a Web Server. This issue affects Image Classify: from n/a through <= 1.0.0.

Unclebob · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-42499 | Medium | 5.3 | | 2024-11-15 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNesse releases prior to 20241026.

Unknown · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10820 | Critical | 9.8 | | 2024-11-13 | The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3.

Unopim · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52305 | Medium | 6.5 | | 2024-11-13 | UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework.

Usememos · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-0109 | Medium | 5.4 | | 2024-11-15 | A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1.

Vektor,inc. · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52268 | Medium | 4.8 | | 2024-11-13 | Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0.

Viwis · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-8001 | Medium | 5.3 | | 2024-11-13 | A vulnerability was found in VIWIS LMS 9.11.

Wallabag · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2023-0737 | Medium | 6.5 | | 2024-11-15 | wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint.

Webangon · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52356 | Medium | 6.5 | | 2024-11-11 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webangon The Pack Elementor addons the-pack-addon allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through <= 2.1…

Webtechglobal · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-52372 | Critical | 10.0 | | 2024-11-14 | Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA easy-csv-importer allows Upload a Web Shell to a Web Server. This issue affects Easy CSV Importer BETA: from n/a through <= 7.0.0.

Wedevs · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10174 | High | 7.3 | | 2024-11-13 | The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstrac…

Wpeka · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10113 | Medium | 6.4 | | 2024-11-15 | The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and ou…

Wpslickstream · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10179 | Medium | 6.4 | | 2024-11-12 | The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and outp…

Wpvivid · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-10962 | High | 8.8 | | 2024-11-14 | The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data'…

Yotpo · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-9356 | Medium | 6.1 | | 2024-11-15 | The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpo_user_email' and 'yotpo_user_name' parameters in all versions up to, and including, 1.7.9 due to insuffic…

Zenml · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-4311 | Medium | 5.4 | | 2024-11-14 | zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function.

Zephyrproject · 1 CVE

CVE | Severity | CVSS | KEV | Published | Summary
CVE-2024-11263 | Critical | 9.3 | | 2024-11-15 | When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.