| 2024-07-02 | CVE-2024-37077 | Out-of-bounds Write vulnerability in Openatom Openharmony
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. | 9.8 |
| 2024-07-02 | CVE-2024-37185 | Out-of-bounds Write vulnerability in Openatom Openharmony
in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write. | 9.8 |
| 2024-07-02 | CVE-2023-41919 | Use of Hard-coded Credentials vulnerability in Kiloview P1 Firmware and P2 Firmware
Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access. | 9.8 |
| 2024-07-02 | CVE-2024-6172 | SQL Injection vulnerability in Icegram Email Subscribers & Newsletters
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.25 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
| 2024-07-01 | CVE-2024-28200 | Improper Authentication vulnerability in N-Able N-Central 2023.4/2023.6/2023.7
The N-central server is vulnerable to an authentication bypass of the user interface. | 9.8 |
| 2024-07-01 | CVE-2024-38366 | Injection vulnerability in Cocoapods Trunk.Cocoapods.Org
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. | 10.0 |
| 2024-07-01 | CVE-2024-38367 | Unspecified vulnerability in Cocoapods Trunk.Cocoapods.Org
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. | 9.6 |
| 2024-07-01 | CVE-2024-38368 | Unspecified vulnerability in Cocoapods Trunk.Cocoapods.Org
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. | 9.3 |
| 2024-07-01 | CVE-2024-38474 | Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified. | 9.8 |
| 2024-07-01 | CVE-2024-38476 | Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue. | 9.8 |