Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-19 | CVE-2024-8963 | Path Traversal vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.6 Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | 9.1 |
| 2024-09-19 | CVE-2024-31570 | Out-of-bounds Write vulnerability in Freeimage Project Freeimage libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. | 9.8 |
| 2024-09-19 | CVE-2024-38016 | Unspecified vulnerability in Microsoft products Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 |
| 2024-09-19 | CVE-2024-8651 | Information Exposure Through Discrepancy vulnerability in Netcat Content Management System A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. | 5.3 |
| 2024-09-19 | CVE-2024-8652 | Cross-site Scripting vulnerability in Netcat Content Management System A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site. This issue affects NetCat CMS v. | 6.1 |
| 2024-09-19 | CVE-2024-8653 | Cross-site Scripting vulnerability in Netcat Content Management System A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v. | 6.1 |
| 2024-09-19 | CVE-2024-45752 | Unspecified vulnerability in Pixlone Logiops logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. | 7.3 |
| 2024-09-19 | CVE-2024-45861 | Use of Hard-coded Credentials vulnerability in Kastle Access Control System Firmware Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information. | 7.5 |
| 2024-09-19 | CVE-2024-45862 | Cleartext Storage of Sensitive Information vulnerability in Kastle Access Control System Firmware Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information. | 7.5 |
| 2024-09-19 | CVE-2024-46394 | Cross-Site Request Forgery (CSRF) vulnerability in Frogcms Project Frogcms 0.9.5 FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add | 8.8 |