Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-11-18 CVE-2024-41969 A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS.
network
low complexity
CWE-306
8.8
8.8
2024-11-18 CVE-2024-49574 SQL Injection vulnerability in Zohocorp Manageengine Adaudit Plus
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
network
low complexity
zohocorp CWE-89
8.8
8.8
2024-11-18 CVE-2024-22067 Unspecified vulnerability in ZTE Nh8091 Firmware Znh8091V1.8
ZTE NH8091 product has an improper permission control vulnerability.
network
low complexity
zte
8.8
8.8
2024-11-18 CVE-2024-11308 Unspecified vulnerability in Trcore DVC
The DVC from TRCore encrypts files using a hardcoded key.
local
low complexity
trcore
5.5
5.5
2024-11-17 CVE-2020-25720 A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation.
network
high complexity
CWE-264
7.5
7.5
2024-11-17 CVE-2023-0657 A flaw was found in Keycloak.
high complexity
CWE-273
3.4
3.4
2024-11-17 CVE-2023-1419 A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters.
network
high complexity
CWE-233
5.9
5.9
2024-11-17 CVE-2023-4639 A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests.
network
high complexity
CWE-444
7.4
7.4
2024-11-17 CVE-2024-0793 A flaw was found in kube-controller-manager.
network
low complexity
CWE-20
7.7
7.7
2024-11-16 CVE-2024-10592 The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-80
6.4
6.4