Weekly Vulnerabilities Reports > November 11 to 17, 2024

Overview

500 new vulnerabilities were reported during this period, including 41 critical vulnerabilities and 216 high severity vulnerabilities. This weekly summary reports vulnerabilities in 231 products from 122 vendors, including Microsoft, Adobe, Siemens, Ivanti, and Lopalopa. The most common vulnerability categories are "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "Out-of-bounds Read", and "Missing Authorization".

  • 367 reported vulnerabilities are remotely exploitable.
  • 171 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 255 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 86 reported vulnerabilities.
  • 1000Projects has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

[Dashboard tiles: Total vulnerabilities | Critical risk vulnerabilities | High risk vulnerabilities | Medium risk vulnerabilities | Low risk vulnerabilities | Remotely exploitable | Locally exploitable | Exploit available | Exploitable anonymously | Affecting web application]

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


41 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-11-12 CVE-2024-44102 Siemens Deserialization of Untrusted Data vulnerability in Siemens Telecontrol Server Basic 3.1

A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) (All versions < V3.1.2.1 with redundancy configured).

10.0
2024-11-12 CVE-2024-43602 Microsoft Unspecified vulnerability in Microsoft Azure Cyclecloud

Azure CycleCloud Remote Code Execution Vulnerability

9.9
2024-11-12 CVE-2024-46888 Siemens Path Traversal vulnerability in Siemens Sinec INS 1.0

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).

9.9
2024-11-15 CVE-2024-11256 1000Projects SQL Injection vulnerability in 1000Projects Portfolio Management System MCA 1.0

A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical.

9.8
2024-11-15 CVE-2024-11257 1000Projects SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0

A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0.

9.8
2024-11-15 CVE-2024-11258 1000Projects SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0

A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0.

9.8
2024-11-15 CVE-2024-11244 Anisha SQL Injection vulnerability in Anisha Farmacia 1.0

A vulnerability classified as critical was found in code-projects Farmacia 1.0.

9.8
2024-11-15 CVE-2024-11237 TP Link Out-of-bounds Write vulnerability in Tp-Link Vn020-F3V(T) Firmware Ttv6.2.1021

A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3v(T) TT_V6.2.1021.

9.8
2024-11-15 CVE-2021-3838 Dompdf Project Unspecified vulnerability in Dompdf Project Dompdf

DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function.

9.8
2024-11-15 CVE-2021-3902 Dompdf Project Unspecified vulnerability in Dompdf Project Dompdf

An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks.

9.8
2024-11-15 CVE-2022-1884 Gogs Command Injection vulnerability in Gogs

A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server.

9.8
2024-11-15 CVE-2024-10443 Synology Unspecified vulnerability in Synology Beephotos and Photos

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.

9.8
2024-11-15 CVE-2024-10534 Dataprom Unspecified vulnerability in Dataprom Personnel Attendance Control Systems / Access Control Security Systems

Origin Validation Error vulnerability in Dataprom Informatics Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS) allows Traffic Injection. This issue affects Personnel Attendance Control Systems (PACS) / Access Control Security Systems (ACSS): before 2024.

9.8
2024-11-15 CVE-2024-10924 Really Simple Plugins Missing Authentication for Critical Function vulnerability in Really-Simple-Plugins Really Simple Security

The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1.

9.8
2024-11-14 CVE-2024-50823 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.

9.8
2024-11-14 CVE-2024-50833 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters.

9.8
2024-11-14 CVE-2024-11209 Apereo Improper Authentication vulnerability in Apereo Central Authentication Service 6.6.0

A vulnerability was found in Apereo CAS 6.6.

9.8
2024-11-13 CVE-2024-52306 Backpackforlaravel Unspecified vulnerability in Backpackforlaravel Filemanager

FileManager provides a Backpack admin interface for files and folders.

9.8
2024-11-13 CVE-2024-48510 Dotnetzip Semverd Project Path Traversal vulnerability in Dotnetzip.Semverd Project Dotnetzip.Semverd 1.11.0

Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

9.8
2024-11-13 CVE-2024-10575 Schneider Electric Unspecified vulnerability in Schneider-Electric Ecostruxure IT Gateway

CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.

9.8
2024-11-13 CVE-2024-21541 Matthewmueller Code Injection vulnerability in Matthewmueller Dom-Iterator

All versions of the package dom-iterator are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization.

9.8
2024-11-13 CVE-2024-10820 Vanquish Unspecified vulnerability in Vanquish Woocommerce Upload Files

The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3.

9.8
2024-11-13 CVE-2024-10828 Algolplus Unspecified vulnerability in Algolplus Advanced Order Export for Woocommerce

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled.

9.8
2024-11-12 CVE-2024-28729 Dlink Unspecified vulnerability in Dlink Dwr-2000M Firmware 1.34Me

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request.

9.8
2024-11-12 CVE-2024-43498 Microsoft Unspecified vulnerability in Microsoft .Net and Visual Studio 2022

.NET and Visual Studio Remote Code Execution Vulnerability

9.8
2024-11-12 CVE-2024-43639 Microsoft Unspecified vulnerability in Microsoft products

Windows KDC Proxy Remote Code Execution Vulnerability

9.8
2024-11-12 CVE-2024-50557 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2).

9.8
2024-11-12 CVE-2024-10245

The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.

9.8
2024-11-12 CVE-2024-11100 1000Projects SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0

A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0.

9.8
2024-11-12 CVE-2024-11101 1000Projects SQL Injection vulnerability in 1000Projects Beauty Parlour Management System 1.0

A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0.

9.8
2024-11-12 CVE-2024-11099 Anisha SQL Injection vulnerability in Anisha JOB Recruitment 1.0

A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical.

9.8
2024-11-11 CVE-2024-11077 Anisha SQL Injection vulnerability in Anisha JOB Recruitment 1.0

A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0.

9.8
2024-11-11 CVE-2024-11074 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez Tailoring Management System 1.0

A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0.

9.8
2024-11-11 CVE-2024-11076 Anisha SQL Injection vulnerability in Anisha JOB Recruitment 1.0

A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0.

9.8
2024-11-11 CVE-2024-11016 Vice SQL Injection vulnerability in Vice Webopac 7.1.20160701

Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

9.8
2024-11-11 CVE-2024-51793 Webfulcreations Unrestricted Upload of File with Dangerous Type vulnerability in Webfulcreations Computer Repair Shop

Unrestricted Upload of File with Dangerous Type vulnerability in Webful Creations Computer Repair Shop allows Upload a Web Shell to a Web Server. This issue affects Computer Repair Shop: from n/a through 3.8115.

9.8
2024-11-11 CVE-2024-11059 Projectworlds SQL Injection vulnerability in Projectworlds Free Download Online Shopping System

A vulnerability was found in Project Worlds Free Download Online Shopping System up to 192.168.1.88.

9.8
2024-11-14 CVE-2024-52308 Github Unspecified vulnerability in Github CLI

The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands.

9.6
2024-11-12 CVE-2024-46890 Siemens OS Command Injection vulnerability in Siemens Sinec INS 1.0

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).

9.1
2024-11-13 CVE-2024-52300 Xwiki Cross-site Scripting vulnerability in Xwiki PDF Viewer Macro

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js.

9.0
2024-11-11 CVE-2024-51490 Ampache Cross-site Scripting vulnerability in Ampache 7.0.0

Ampache is a web based audio/video streaming application and file manager.

9.0

216 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-11-15 CVE-2024-49060

Azure Stack HCI Elevation of Privilege Vulnerability

8.8
2024-11-15 CVE-2024-41679 Glpi Project SQL Injection vulnerability in Glpi-Project Glpi

GLPI is a free asset and IT management software package.

8.8
2024-11-15 CVE-2024-45608 Glpi Project SQL Injection vulnerability in Glpi-Project Glpi

GLPI is a free asset and IT management software package.

8.8
2024-11-15 CVE-2024-40638 Glpi Project Unspecified vulnerability in Glpi-Project Glpi

GLPI is a free asset and IT management software package.

8.8
2024-11-15 CVE-2024-11248 Tenda Unspecified vulnerability in Tenda Ac10 Firmware 16.03.10.13

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical.

8.8
2024-11-15 CVE-2024-44625 Gogs Path Traversal vulnerability in Gogs

Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.

8.8
2024-11-15 CVE-2021-3742 Chatwoot Unspecified vulnerability in Chatwoot

A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0.

8.8
2024-11-15 CVE-2024-10311 Cmorillas1 Unspecified vulnerability in Cmorillas1 External Database Based Actions 0.1

The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1.

8.8
2024-11-14 CVE-2024-11212 Mayurik SQL Injection vulnerability in Mayurik Best Employee Management System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0.

8.8
2024-11-14 CVE-2024-10962

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions.

8.8
2024-11-14 CVE-2024-9693 Gitlab Incorrect Authorization vulnerability in Gitlab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations.

8.8
2024-11-13 CVE-2024-50970 Nikoarroyocuraza SQL Injection vulnerability in Nikoarroyocuraza Online Furniture Shopping Project 1.0

A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

8.8
2024-11-13 CVE-2024-50852 Tendacn Command Injection vulnerability in Tendacn G3 Firmware 15.11.0.20

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function.

8.8
2024-11-13 CVE-2024-50853 Tendacn Command Injection vulnerability in Tendacn G3 Firmware 15.11.0.20

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.

8.8
2024-11-13 CVE-2024-50854 Tendacn Out-of-bounds Write vulnerability in Tendacn G3 Firmware 15.11.0.20

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function.

8.8
2024-11-13 CVE-2024-10629

The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8.

8.8
2024-11-12 CVE-2024-36513 Fortinet Privilege Context Switching Error vulnerability in Fortinet Forticlient

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts.

8.8
2024-11-12 CVE-2024-38255 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-43459 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-43462 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-43620 Microsoft Unspecified vulnerability in Microsoft products

Windows Telephony Service Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-43621 Microsoft Unspecified vulnerability in Microsoft products

Windows Telephony Service Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-43622 Microsoft Unspecified vulnerability in Microsoft products

Windows Telephony Service Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-43624 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability

8.8
2024-11-12 CVE-2024-43627 Microsoft Unspecified vulnerability in Microsoft products

Windows Telephony Service Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-43628 Microsoft Unspecified vulnerability in Microsoft products

Windows Telephony Service Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-43635 Microsoft Unspecified vulnerability in Microsoft products

Windows Telephony Service Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-48993 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-48994 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-48995 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-48996 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-48997 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-48998 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-48999 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49000 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49001 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49002 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49003 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49004 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49005 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49006 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49007 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49008 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49009 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49010 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49011 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49012 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49013 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49014 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49015 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49016 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49017 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49018 Microsoft Unspecified vulnerability in Microsoft SQL Server 2016, SQL Server 2017 and SQL Server 2019

SQL Server Native Client Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-49039 Microsoft Unspecified vulnerability in Microsoft products

Windows Task Scheduler Elevation of Privilege Vulnerability

8.8
2024-11-12 CVE-2024-49050 Microsoft Unspecified vulnerability in Microsoft Python Extension

Visual Studio Code Python Extension Remote Code Execution Vulnerability

8.8
2024-11-12 CVE-2024-50329 Ivanti Path Traversal vulnerability in Ivanti Endpoint Manager

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.

8.8
2024-11-12 CVE-2024-11127 Anisha SQL Injection vulnerability in Anisha JOB Recruitment 1.0

A vulnerability was found in code-projects Job Recruitment up to 1.0.

8.8
2024-11-11 CVE-2024-11061 Tenda Stack-based Buffer Overflow vulnerability in Tenda Ac10 Firmware 16.03.10.13

A vulnerability classified as critical was found in Tenda AC10 16.03.10.13.

8.8
2024-11-12 CVE-2024-51093 Snipeitapp Cross-site Scripting vulnerability in Snipeitapp Snipe-It 7.0.13

Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code.

8.7
2024-11-11 CVE-2024-51486 Ampache Unspecified vulnerability in Ampache 7.0.0

Ampache is a web based audio/video streaming application and file manager.

8.4
2024-11-15 CVE-2024-39726 IBM XXE vulnerability in IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2/7.0.3

IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

8.2
2024-11-14 CVE-2024-3379 Lunary Incorrect Authorization vulnerability in Lunary

In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to.

8.1
2024-11-14 CVE-2024-3501 Lunary Insecure Storage of Sensitive Information vulnerability in Lunary

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints.

8.1
2024-11-14 CVE-2024-3502 Lunary Insecure Storage of Sensitive Information vulnerability in Lunary

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors.

8.1
2024-11-14 CVE-2024-11208 Apereo Unspecified vulnerability in Apereo Central Authentication Service 6.6.0

A vulnerability was found in Apereo CAS 6.6 and classified as problematic.

8.1
2024-11-14 CVE-2024-45670 IBM Weak Password Recovery Mechanism for Forgotten Password vulnerability in IBM Soar

IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism.

8.1
2024-11-12 CVE-2024-43447 Microsoft Unspecified vulnerability in Microsoft Windows Server 2022

Windows SMBv3 Server Remote Code Execution Vulnerability

8.1
2024-11-12 CVE-2024-43598 Microsoft Unspecified vulnerability in Microsoft Lightgbm

LightGBM Remote Code Execution Vulnerability

8.1
2024-11-12 CVE-2024-43625 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Windows VMSwitch Elevation of Privilege Vulnerability

8.1
2024-11-12 CVE-2024-49048 Microsoft Unspecified vulnerability in Microsoft Torchgeo

TorchGeo Remote Code Execution Vulnerability

8.1
2024-11-12 CVE-2024-46892 Siemens Insufficient Session Expiration vulnerability in Siemens Sinec INS 1.0

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).

8.1
2024-11-11 CVE-2024-51484 Ampache Cross-Site Request Forgery (CSRF) vulnerability in Ampache 7.0.0

Ampache is a web based audio/video streaming application and file manager.

8.1
2024-11-11 CVE-2024-51485 Ampache Cross-Site Request Forgery (CSRF) vulnerability in Ampache 7.0.0

Ampache is a web based audio/video streaming application and file manager.

8.1
2024-11-11 CVE-2024-51487 Ampache Cross-Site Request Forgery (CSRF) vulnerability in Ampache 7.0.0

Ampache is a web based audio/video streaming application and file manager.

8.1
2024-11-11 CVE-2024-11073 Mayurik Authorization Bypass Through User-Controlled Key vulnerability in Mayurik Hospital Management System 1.0

A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0.

8.1
2024-11-15 CVE-2024-11262 Razormist Out-of-bounds Write vulnerability in Razormist Student Record Management System 1.0

A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as critical.

7.8
2024-11-13 CVE-2023-35659 Google Unspecified vulnerability in Google Android

In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code.

7.8
2024-11-13 CVE-2023-35686 Google Unspecified vulnerability in Google Android

In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation.

7.8
2024-11-13 CVE-2024-23715 Google Out-of-bounds Write vulnerability in Google Android

In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code.

7.8
2024-11-13 CVE-2024-43093 Google Unspecified vulnerability in Google Android

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization.

7.8
2024-11-13 CVE-2024-37398 Ivanti Unspecified vulnerability in Ivanti Secure Access Client

Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

7.8
2024-11-12 CVE-2024-49507 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-49508 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-49509 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-47426 Adobe Double Free vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-47427 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-47428 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-47429 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-47430 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-47431 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-47432 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-47433 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-47434 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-49515 Adobe Untrusted Search Path vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code.

7.8
2024-11-12 CVE-2024-49516 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-49517 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-49518 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-49519 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-49520 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-49525 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-36507 Fortinet Untrusted Search Path vulnerability in Fortinet Forticlient

An untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering.

7.8
2024-11-12 CVE-2024-45114 Adobe Out-of-bounds Write vulnerability in Adobe Illustrator

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-47441 Adobe Out-of-bounds Write vulnerability in Adobe After Effects

After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-47442 Adobe Out-of-bounds Write vulnerability in Adobe After Effects

After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-47443 Adobe Out-of-bounds Write vulnerability in Adobe After Effects

After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-47450 Adobe Out-of-bounds Write vulnerability in Adobe Illustrator

Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-47451 Adobe Out-of-bounds Write vulnerability in Adobe Illustrator

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-47452 Adobe Out-of-bounds Write vulnerability in Adobe Illustrator

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2024-11-12 CVE-2024-21937 AMD Incorrect Default Permissions vulnerability in AMD Radeon Software and Radeon Software for HIP

Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

7.8
2024-11-12 CVE-2024-21974 AMD Unspecified vulnerability in AMD Ryzen AI Software

Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.

7.8
2024-11-12 CVE-2024-21975 AMD Unspecified vulnerability in AMD Ryzen AI Software

Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.

7.8
2024-11-12 CVE-2024-43530 Microsoft Unspecified vulnerability in Microsoft products

Windows Update Stack Elevation of Privilege Vulnerability

7.8
2024-11-12 CVE-2024-43623 Microsoft Unspecified vulnerability in Microsoft products

Windows NT OS Kernel Elevation of Privilege Vulnerability

7.8
2024-11-12 CVE-2024-43626 Microsoft Unspecified vulnerability in Microsoft products

Windows Telephony Service Elevation of Privilege Vulnerability

7.8
2024-11-12 CVE-2024-43629 Microsoft Unspecified vulnerability in Microsoft products

Windows DWM Core Library Elevation of Privilege Vulnerability

7.8
2024-11-12 CVE-2024-43630 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2024-11-12 CVE-2024-43631 Microsoft Unspecified vulnerability in Microsoft products

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

7.8
2024-11-12 CVE-2024-43636 Microsoft Unspecified vulnerability in Microsoft products

Win32k Elevation of Privilege Vulnerability

7.8
2024-11-12 CVE-2024-43640 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

7.8
2024-11-12 CVE-2024-43641 Microsoft Unspecified vulnerability in Microsoft products

Windows Registry Elevation of Privilege Vulnerability

7.8
2024-11-12 CVE-2024-43644 Microsoft Unspecified vulnerability in Microsoft products

Windows Client-Side Caching Elevation of Privilege Vulnerability

7.8
2024-11-12 CVE-2024-43645 Microsoft Unspecified vulnerability in Microsoft products

Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability

7.8
2024-11-12 CVE-2024-43646 Microsoft Unspecified vulnerability in Microsoft products

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

7.8
2024-11-12 CVE-2024-49019 Microsoft Unspecified vulnerability in Microsoft products

Active Directory Certificate Services Elevation of Privilege Vulnerability

7.8
2024-11-12 CVE-2024-49021 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SQL Server Remote Code Execution Vulnerability

7.8
2024-11-12 CVE-2024-49026 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Remote Code Execution Vulnerability

7.8
2024-11-12 CVE-2024-49027 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Remote Code Execution Vulnerability

7.8
2024-11-12 CVE-2024-49028 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Remote Code Execution Vulnerability

7.8
2024-11-12 CVE-2024-49029 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Remote Code Execution Vulnerability

7.8
2024-11-12 CVE-2024-49030 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Remote Code Execution Vulnerability

7.8
2024-11-12 CVE-2024-49031 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8
2024-11-12 CVE-2024-49032 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Graphics Remote Code Execution Vulnerability

7.8
2024-11-12 CVE-2024-49043 Microsoft Unspecified vulnerability in Microsoft products

Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability

7.8
2024-11-12 CVE-2024-49046 Microsoft Unspecified vulnerability in Microsoft products

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

7.8
2024-11-12 CVE-2024-49051 Microsoft Unspecified vulnerability in Microsoft PC Manager

Microsoft PC Manager Elevation of Privilege Vulnerability

7.8
2024-11-12 CVE-2024-50322 Ivanti Path Traversal vulnerability in Ivanti Endpoint Manager

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution.

7.8
2024-11-12 CVE-2024-50323 Ivanti SQL Injection vulnerability in Ivanti Endpoint Manager

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution.

7.8
2024-11-12 CVE-2024-29119 Siemens Unspecified vulnerability in Siemens Spectrum Power 7 2.20/2.30/23Q3

A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3).

7.8
2024-11-12 CVE-2024-47783 Siemens Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Siport

A vulnerability has been identified in SIPORT (All versions < V3.4.0).

7.8
2024-11-12 CVE-2024-47940 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge Se2024

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9).

7.8
2024-11-12 CVE-2024-47941 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge Se2024

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9).

7.8
2024-11-12 CVE-2024-48837 Dell Unspecified vulnerability in Dell Smartfabric Os10

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability.

7.8
2024-11-12 CVE-2024-49557 Dell Command Injection vulnerability in Dell Smartfabric Os10

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability.

7.8
2024-11-12 CVE-2024-49558 Dell Unspecified vulnerability in Dell Smartfabric Os10

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability.

7.8
2024-11-12 CVE-2024-49560 Dell Command Injection vulnerability in Dell Smartfabric Os10

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability.

7.8
2024-11-17 CVE-2024-0793 A flaw was found in kube-controller-manager.
7.7
2024-11-14 CVE-2022-31668 Linuxfoundation Incorrect Authorization vulnerability in Linuxfoundation Harbor

Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.

7.7
2024-11-14 CVE-2022-31669 Linuxfoundation Incorrect Authorization vulnerability in Linuxfoundation Harbor

Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify tag immutability policies configured in other projects.

7.7
2024-11-14 CVE-2022-31670 Linuxfoundation Incorrect Authorization vulnerability in Linuxfoundation Harbor

Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify tag retention policies configured in other projects.

7.7
2024-11-12 CVE-2024-49521 Adobe Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce

Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass.

7.7
2024-11-17 CVE-2020-25720 A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation.
7.5
2024-11-15 CVE-2024-50653 Crmeb Unspecified vulnerability in Crmeb

CRMEB <=5.4.0 is vulnerable to Incorrect Access Control.

7.5
2024-11-15 CVE-2024-50654 Pickmall Unspecified vulnerability in Pickmall Lilishop

lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can allow attackers to obtain coupons beyond the quantity limit by capturing and sending the data packets for coupon collection in high concurrency.

7.5
2024-11-15 CVE-2022-20685 A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic.
7.5
2024-11-15 CVE-2024-11245 Anisha SQL Injection vulnerability in Anisha Farmacia 1.0

A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0.

7.5
2024-11-15 CVE-2024-41784 IBM Path Traversal vulnerability in IBM Sterling Secure Proxy

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system.

7.5
2024-11-15 CVE-2024-11241 Anisha SQL Injection vulnerability in Anisha JOB Recruitment 1.0

A vulnerability was found in code-projects Job Recruitment 1.0.

7.5
2024-11-14 CVE-2024-50968 Adonesevangelista Unspecified vulnerability in Adonesevangelista Agri-Trading Online Shopping System 1.0

A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a product to the cart.

7.5
2024-11-14 CVE-2024-3760 Lunary Unspecified vulnerability in Lunary

In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability.

7.5
2024-11-14 CVE-2022-2232 A flaw was found in the Keycloak package.
7.5
2024-11-13 CVE-2024-52298 Xwiki Unspecified vulnerability in Xwiki PDF Viewer Macro

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js.

7.5
2024-11-13 CVE-2024-52299 Xwiki Unspecified vulnerability in Xwiki PDF Viewer Macro

macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js.

7.5
2024-11-13 CVE-2024-9409 Schneider Electric Unspecified vulnerability in Schneider-Electric products

CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive, resulting in communication loss, when a large number of IGMP packets is present in the network.

7.5
2024-11-13 CVE-2024-10816 The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file.
7.5
2024-11-12 CVE-2024-43450 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Spoofing Vulnerability

7.5
2024-11-12 CVE-2024-43452 Microsoft Unspecified vulnerability in Microsoft products

Windows Registry Elevation of Privilege Vulnerability

7.5
2024-11-12 CVE-2024-43499 Microsoft Unspecified vulnerability in Microsoft .Net and Visual Studio 2022

.NET and Visual Studio Denial of Service Vulnerability

7.5
2024-11-12 CVE-2024-43642 Microsoft Unspecified vulnerability in Microsoft products

Windows SMB Denial of Service Vulnerability

7.5
2024-11-12 CVE-2024-49033 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Word Security Feature Bypass Vulnerability

7.5
2024-11-12 CVE-2024-49040 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Spoofing Vulnerability

7.5
2024-11-12 CVE-2024-47907 Ivanti Out-of-bounds Write vulnerability in Ivanti Connect Secure

A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service.

7.5
2024-11-12 CVE-2024-50317 Ivanti NULL Pointer Dereference vulnerability in Ivanti Avalanche

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

7.5
2024-11-12 CVE-2024-50318 Ivanti NULL Pointer Dereference vulnerability in Ivanti Avalanche

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

7.5
2024-11-12 CVE-2024-50319 Ivanti Infinite Loop vulnerability in Ivanti Avalanche

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

7.5
2024-11-12 CVE-2024-50320 Ivanti Infinite Loop vulnerability in Ivanti Avalanche

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

7.5
2024-11-12 CVE-2024-50321 Ivanti Infinite Loop vulnerability in Ivanti Avalanche

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

7.5
2024-11-12 CVE-2024-50310 Siemens Incorrect Authorization vulnerability in Siemens Simatic CP 1543-1 Firmware

A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50).

7.5
2024-11-17 CVE-2023-4639 A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests.
7.4
2024-11-14 CVE-2022-31671 Linuxfoundation Incorrect Authorization vulnerability in Linuxfoundation Harbor

Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs.

7.4
2024-11-13 CVE-2024-10174 The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' class due to missing validation on the 'user_id' user controlled key.
7.3
2024-11-12 CVE-2024-49056 Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.
7.3
2024-11-12 CVE-2023-32736 A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 8), SIMATIC STEP 7 V18 (All versions < V18 Update 5), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions < V17 Update 8), SIMATIC WinCC Unified V18 (All versions < V18 Update 5), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions < V17 Update 8), SIMATIC WinCC V18 (All versions < V18 Update 5), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions < V17 Update 8), SIMOCODE ES V18 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions < V17 Update 8), SIRIUS Safety ES V18 (All versions), SIRIUS Soft Starter ES V17 (All versions < V17 Update 8), SIRIUS Soft Starter ES V18 (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions < V4.6.0.1), TIA Portal Cloud V18 (All versions < V4.6.1.0).
7.3
2024-11-12 CVE-2024-47942 Siemens Uncontrolled Search Path Element vulnerability in Siemens Solid Edge Se2024

A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9).

7.3
2024-11-14 CVE-2024-50824 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.

7.2
2024-11-14 CVE-2024-50825 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.

7.2
2024-11-14 CVE-2024-50826 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.

7.2
2024-11-14 CVE-2024-50827 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter.

7.2
2024-11-14 CVE-2024-50828 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter.

7.2
2024-11-14 CVE-2024-50829 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter.

7.2
2024-11-14 CVE-2024-50830 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters.

7.2
2024-11-14 CVE-2024-50831 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection vulnerability was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters.

7.2
2024-11-14 CVE-2024-50832 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter.

7.2
2024-11-14 CVE-2024-50834 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection vulnerability was found in /admin/teachers.php in kashipara E-learning Management System Project 1.0 via the firstname and lastname parameters.

7.2
2024-11-14 CVE-2024-50835 Lopalopa SQL Injection vulnerability in Lopalopa E-Learning Management System 1.0

A SQL Injection vulnerability was found in /admin/edit_student.php in kashipara E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters.

7.2
2024-11-14 CVE-2024-11213 Mayurik SQL Injection vulnerability in Mayurik Best Employee Management System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0.

7.2
2024-11-14 CVE-2024-11214 Mayurik Unrestricted Upload of File with Dangerous Type vulnerability in Mayurik Best Employee Management System 1.0

A vulnerability has been found in SourceCodester Best Employee Management System 1.0 and classified as critical.

7.2
2024-11-14 CVE-2024-11211 Eyoucms Unrestricted Upload of File with Dangerous Type vulnerability in Eyoucms

A vulnerability classified as critical has been found in EyouCMS up to 1.6.7.

7.2
2024-11-13 CVE-2024-52291 Craftcms Unspecified vulnerability in Craftcms Craft CMS

Craft is a content management system (CMS).

7.2
2024-11-13 CVE-2024-50971 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez Construction Management System 1.0

A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter.

7.2
2024-11-13 CVE-2024-50972 Angeljudesuarez SQL Injection vulnerability in Angeljudesuarez Construction Management System 1.0

A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter.

7.2
2024-11-13 CVE-2024-52293 Craftcms Unspecified vulnerability in Craftcms Craft CMS

Craft is a content management system (CMS).

7.2
2024-11-12 CVE-2024-43613 Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
7.2
2024-11-12 CVE-2024-49042 Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability
7.2
2024-11-12 CVE-2024-11007 Ivanti OS Command Injection vulnerability in Ivanti Connect Secure 22.7/7.1/7.4

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2
2024-11-12 CVE-2024-50324 Ivanti Path Traversal vulnerability in Ivanti Endpoint Manager

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2
2024-11-12 CVE-2024-50326 Ivanti SQL Injection vulnerability in Ivanti Endpoint Manager

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2
2024-11-12 CVE-2024-50327 Ivanti SQL Injection vulnerability in Ivanti Endpoint Manager

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2
2024-11-12 CVE-2024-50328 Ivanti SQL Injection vulnerability in Ivanti Endpoint Manager

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

7.2
2024-11-12 CVE-2024-11124 Timgeyssens SQL Injection vulnerability in Timgeyssens Ui-O-Matic

A vulnerability has been found in TimGeyssens UIOMatic 5 and classified as critical.

7.2
2024-11-12 CVE-2024-50572 Siemens Command Injection vulnerability in Siemens products

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2).

7.2
2024-11-11 CVE-2024-11062 Dlink OS Command Injection vulnerability in Dlink Dsl6740C Firmware

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

7.2
2024-11-11 CVE-2024-11063 Dlink OS Command Injection vulnerability in Dlink Dsl6740C Firmware

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

7.2
2024-11-11 CVE-2024-11064 Dlink OS Command Injection vulnerability in Dlink Dsl6740C Firmware

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

7.2
2024-11-11 CVE-2024-11065 Dlink OS Command Injection vulnerability in Dlink Dsl6740C Firmware

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet.

7.2
2024-11-12 CVE-2024-49049 Microsoft Unspecified vulnerability in Microsoft Remote SSH

Visual Studio Code Remote Extension Elevation of Privilege Vulnerability

7.1
2024-11-12 CVE-2024-47595 SAP Unspecified vulnerability in SAP Host Agent 7.22

An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access.

7.1

240 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-11-12 CVE-2024-43449 Microsoft Unspecified vulnerability in Microsoft products

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

6.8
2024-11-12 CVE-2024-43634 Microsoft Unspecified vulnerability in Microsoft products

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

6.8
2024-11-12 CVE-2024-43637 Microsoft Unspecified vulnerability in Microsoft products

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

6.8
2024-11-12 CVE-2024-43638 Microsoft Unspecified vulnerability in Microsoft products

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

6.8
2024-11-12 CVE-2024-43643 Microsoft Unspecified vulnerability in Microsoft products

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

6.8
2024-11-12 CVE-2024-8881 Zyxel OS Command Injection vulnerability in Zyxel products

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request.

6.8
2024-11-13 CVE-2024-39609 Intel Unspecified vulnerability in Intel Server Board M70Klp2Sb Firmware 01.04.0022

Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2024-11-13 CVE-2024-41167 Intel Unspecified vulnerability in Intel M10Jnp2Sb Firmware 7.209/7.210/7.216

Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2024-11-12 CVE-2024-40592 Fortinet Improper Verification of Cryptographic Signature vulnerability in Fortinet Forticlient

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to swap the installer with a malicious package via a race condition during the installation process.

6.7
2024-11-12 CVE-2024-49044 Microsoft Improper Access Control vulnerability in Microsoft Visual Studio 2022

Visual Studio Elevation of Privilege Vulnerability

6.7
2024-11-15 CVE-2021-1484 A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to inject arbitrary commands on an affected system and cause a denial of service (DoS) condition. This vulnerability is due to improper input validation of user-supplied input to the device template configuration.
6.5
2024-11-15 CVE-2022-20656 A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device.
6.5
2024-11-15 CVE-2022-20931 A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control.
6.5
2024-11-15 CVE-2024-50651 Geeeeeeeek Authorization Bypass Through User-Controlled Key vulnerability in Geeeeeeeek Java Shop 1.0

java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter.

6.5
2024-11-15 CVE-2023-0737 Wallabag Unspecified vulnerability in Wallabag 2.5.2

wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint.

6.5
2024-11-13 CVE-2024-52292 Craftcms Unspecified vulnerability in Craftcms Craft CMS

Craft is a content management system (CMS).

6.5
2024-11-13 CVE-2024-8049 Progress Unspecified vulnerability in Progress Telerik Document Processing Libraries

In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable.

6.5
2024-11-13 CVE-2024-10717 The Styler for Ninja Forms plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the deactivate_license function in all versions up to, and including, 3.3.4.
6.5
2024-11-12 CVE-2024-43451 Microsoft Unspecified vulnerability in Microsoft products

NTLM Hash Disclosure Spoofing Vulnerability

6.5
2024-11-12 CVE-2024-43633 Microsoft Unspecified vulnerability in Microsoft Windows 11 22H2

Windows Hyper-V Denial of Service Vulnerability

6.5
2024-11-12 CVE-2024-47808 Siemens Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sinec NMS

A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1).

6.5
2024-11-12 CVE-2024-11096 Code Projects SQL Injection vulnerability in Code-Projects Task Manager 1.0

A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0.

6.5
2024-11-11 CVE-2024-51820 Lsquared SQL Injection vulnerability in Lsquared L Squared HUB

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in L Squared Support L Squared Hub WP allows SQL Injection. This issue affects L Squared Hub WP: from n/a through 1.0.

6.5
2024-11-11 CVE-2024-51837 Andsonsdesign SQL Injection vulnerability in Andsonsdesign Wp-Contest 1.0.0

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SONS Creative Development WP Contest allows SQL Injection. This issue affects WP Contest: from n/a through 1.0.0.

6.5
2024-11-11 CVE-2024-51843 Olland SQL Injection vulnerability in Olland Horsemanager

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Olland.Biz Horsemanager allows Blind SQL Injection. This issue affects Horsemanager: from n/a through 1.3.

6.5
2024-11-11 CVE-2024-51882 Ehues SQL Injection vulnerability in Ehues Gboy Custom Google MAP

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ehues Gboy Custom Google Map allows Blind SQL Injection. This issue affects Gboy Custom Google Map: from n/a through 1.2.

6.5
2024-11-16 CVE-2024-10592 The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping.
6.4
2024-11-16 CVE-2024-10015 The ConvertCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'type' parameters in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping.
6.4
2024-11-16 CVE-2024-10017 The PJW Mime Config plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.
6.4
2024-11-16 CVE-2024-11092 The SVGPlus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping.
6.4
2024-11-16 CVE-2024-9386 The Exclusive Divi – Divi Preloader, Modules for Divi & Extra Theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping.
6.4
2024-11-16 CVE-2024-9850 The SVG Case Study plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping.
6.4
2024-11-15 CVE-2021-1482 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain access to sensitive information on an affected system. This vulnerability is due to insufficient authorization checks.
6.4
2024-11-15 CVE-2021-1483 A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when the affected software parses certain XML files.
6.4
2024-11-14 CVE-2022-31667 Linuxfoundation Incorrect Authorization vulnerability in Linuxfoundation Harbor

Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn't have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn't have access to, it was possible to revoke the robot account permissions.

6.4
2024-11-13 CVE-2024-10887 The NiceJob plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes (nicejob-lead, nicejob-review, nicejob-engage, nicejob-badge, nicejob-stories) in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-11-13 CVE-2024-8985 The Social Proof (Testimonial) Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spslider-block shortcode in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-11-12 CVE-2024-10179 The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes.
6.4
2024-11-16 CVE-2024-10262 The Drop Shadow Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.14.
6.3
2024-11-15 CVE-2022-20871 A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface.
6.3
2024-11-12 CVE-2024-46894 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
6.3
2024-11-13 CVE-2024-7295 Progress Use of Hard-coded Credentials vulnerability in Progress Telerik Report Server

In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.

6.2
2024-11-16 CVE-2024-10875 The Gallery Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_Query_Arg without appropriate escaping on the URL in all versions up to, and including, 1.6.58.
6.1
2024-11-16 CVE-2024-10884 The SimpleForm Contact Form Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.0.
6.1
2024-11-16 CVE-2024-8873 The PeproDev WooCommerce Receipt Uploader plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.6.9.
6.1
2024-11-16 CVE-2024-9938 The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping.
6.1
2024-11-15 CVE-2024-11261 Razormist Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Razormist Student Record Management System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Student Record Management System 1.0.

6.1
2024-11-15 CVE-2024-45610 Glpi Project Cross-site Scripting vulnerability in Glpi-Project Glpi

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing.

6.1
2024-11-15 CVE-2024-11259 Code Projects Cross-site Scripting vulnerability in Code-Projects Farmacia 1.0

A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0.

6.1
2024-11-15 CVE-2024-45609 Glpi Project Cross-site Scripting vulnerability in Glpi-Project Glpi

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.

6.1
2024-11-15 CVE-2024-43417 Glpi Project Cross-site Scripting vulnerability in Glpi-Project Glpi

GLPI is a free asset and IT management software package.

6.1
2024-11-15 CVE-2024-43418 Glpi Project Cross-site Scripting vulnerability in Glpi-Project Glpi

GLPI is a free asset and IT management software package.

6.1
2024-11-15 CVE-2024-41678 Glpi Project Cross-site Scripting vulnerability in Glpi-Project Glpi

GLPI is a free asset and IT management software package.

6.1
2024-11-15 CVE-2022-20632 A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input.
6.1
2024-11-15 CVE-2022-20631 A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input.
6.1
2024-11-15 CVE-2022-20654 A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based interface of Cisco Webex Meetings.
6.1
2024-11-15 CVE-2022-20663 A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software.
6.1
2024-11-15 CVE-2022-20849 A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continually crash. This vulnerability exists because the PPPoE feature does not properly handle an error condition within a specific crafted packet sequence.
6.1
2024-11-15 CVE-2023-20060 A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.
6.1
2024-11-15 CVE-2024-41785 IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting.
6.1
2024-11-15 CVE-2024-11240 Ibphoenix Cross-site Scripting vulnerability in Ibphoenix Ibwebadmin

A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic.

6.1
2024-11-15 CVE-2021-3988 Janeczku Unspecified vulnerability in Janeczku Calibre-Web

A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`.

6.1
2024-11-15 CVE-2024-11182 Mdaemon Cross-site Scripting vulnerability in Mdaemon 5.0/5.0.6

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c.

6.1
2024-11-15 CVE-2024-1240 Pyload Unspecified vulnerability in Pyload 0.5.0

An open redirection vulnerability exists in pyload/pyload version 0.5.0.

6.1
2024-11-15 CVE-2024-10825 Wpplugins Cross-site Scripting vulnerability in Wpplugins Hide MY WP Ghost

The Hide My WP Ghost – Security & Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL in all versions up to, and including, 5.3.01 due to insufficient input sanitization and output escaping.

6.1
2024-11-15 CVE-2024-10260 Tripetto Unspecified vulnerability in Tripetto

The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.3 due to insufficient input sanitization and output escaping.

6.1
2024-11-15 CVE-2024-10793 Melapress Unspecified vulnerability in Melapress WP Activity LOG

The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping.

6.1
2024-11-15 CVE-2024-39610 Cleancoder Cross-site Scripting vulnerability in Cleancoder Fitnesse

Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026.

6.1
2024-11-15 CVE-2024-9356 Yotpo Cross-site Scripting vulnerability in Yotpo

The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpo_user_email' and 'yotpo_user_name' parameters in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping.

6.1
2024-11-15 CVE-2024-9609 Thimpress Cross-site Scripting vulnerability in Thimpress Learnpress Export Import

The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'learnpress_import_form_server' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping.

6.1
2024-11-14 CVE-2024-51679 Appointmind Cross-Site Request Forgery (CSRF) vulnerability in Appointmind

Cross-Site Request Forgery (CSRF) vulnerability in GentleSource Appointmind allows Stored XSS. This issue affects Appointmind: from n/a through 4.0.0.

6.1
2024-11-13 CVE-2024-50969 Anisha Cross-site Scripting vulnerability in Anisha Jonnys Liquor 1.0

A Reflected cross-site scripting (XSS) vulnerability in browse.php of Code-projects Jonnys Liquor 1.0 allows remote attackers to inject arbitrary web scripts or HTML via the search parameter.

6.1
2024-11-13 CVE-2024-49505 Opensuse Cross-site Scripting vulnerability in Opensuse Mirrorcache

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the REGEX and P parameters. This issue affects MirrorCache before 1.083.

6.1
2024-11-13 CVE-2024-9477 Airties Cross-site Scripting vulnerability in Airties Air4443 Firmware

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS). This issue affects Air4443 Firmware: through 14102024. NOTE: The vendor was contacted and it was learned that the product is classified as End-of-Life and End-of-Support.

6.1
2024-11-13 CVE-2024-10877 Advancedformintegration Cross-site Scripting vulnerability in Advancedformintegration Advanced Form Integration

The AFI – The Easiest Integration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.92.0.

6.1
2024-11-13 CVE-2024-10684 Kognetiks Cross-site Scripting vulnerability in Kognetiks Chatbot

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dir' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping.

6.1
2024-11-13 CVE-2024-10882 The Product Delivery Date for WooCommerce – Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.8.0.
6.1
2024-11-13 CVE-2024-10038 The WP-Strava plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.1 due to insufficient input sanitization and output escaping.
6.1
2024-11-13 CVE-2024-10686 The Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'style_scheme' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping.
6.1
2024-11-13 CVE-2024-10850 The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5.
6.1
2024-11-13 CVE-2024-10851 The Razorpay Payment Button Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6.
6.1
2024-11-13 CVE-2024-8874 The AJAX Login and Registration modal popup + inline form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.24.
6.1
2024-11-13 CVE-2024-9614 The Constant Contact Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2.
6.1
2024-11-12 CVE-2024-50561 Siemens Cross-site Scripting vulnerability in Siemens products

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2).

6.1
2024-11-12 CVE-2024-9357 The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization and output escaping.
6.1
2024-11-12 CVE-2024-10685 Wpplugin Cross-site Scripting vulnerability in Wpplugin Contact Form 7 Redirect & Thank YOU Page

The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping.

6.1
2024-11-11 CVE-2024-11019 Vice Cross-site Scripting vulnerability in Vice Webopac 7.1.20160701

Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques.

6.1
2024-11-17 CVE-2023-1419 A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters.
5.9
2024-11-15 CVE-2024-43189 IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
5.9
2024-11-15 CVE-2024-0787 Phpipam Unspecified vulnerability in PHPipam

phpIPAM version 1.5.1 contains a vulnerability where an attacker can bypass the IP block mechanism to brute force passwords for users by using the 'X-Forwarded-For' header.

5.9
2024-11-12 CVE-2024-38264 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability

5.9
2024-11-12 CVE-2024-49393 Neomutt, Mutt, Redhat Improper Verification of Cryptographic Signature vulnerability in multiple products

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing, which allows an attacker that intercepts a message to change their value and include himself as one of the recipients to compromise message confidentiality.

5.9
2024-11-15 CVE-2024-8978 Wpdeveloper Unspecified vulnerability in Wpdeveloper Essential Addons for Elementor

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_register_user_email_controls' function.

5.7
2024-11-15 CVE-2024-8979 Wpdeveloper Unspecified vulnerability in Wpdeveloper Essential Addons for Elementor

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'init_content_lostpassword_user_email_controls' function.

5.7
2024-11-15 CVE-2024-49536 Adobe Out-of-bounds Read vulnerability in Adobe Audition

Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-15 CVE-2023-4679 Gpac Unspecified vulnerability in Gpac 2.3.0Dev

A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38.

5.5
2024-11-14 CVE-2017-13227 Google Unspecified vulnerability in Google Android 8.0/8.1

In the autofill service, the package name that is provided by the app process is trusted inappropriately.

5.5
2024-11-14 CVE-2024-52613 Justdan96 Out-of-bounds Read vulnerability in Justdan96 Tsmuxer Nightly20240512020118

A heap-based buffer under-read in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) via a crafted MOV video file.

5.5
2024-11-14 CVE-2023-4134 Linux, Fedoraproject Use After Free vulnerability in multiple products

A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel.

5.5
2024-11-12 CVE-2024-49510 Adobe Out-of-bounds Read vulnerability in Adobe Indesign

InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-49511 Adobe Out-of-bounds Read vulnerability in Adobe Indesign

InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-49512 Adobe Out-of-bounds Read vulnerability in Adobe Indesign

InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-47435 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-47436 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-47437 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-47438 Adobe Out-of-bounds Write vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak.

5.5
2024-11-12 CVE-2024-47439 Adobe NULL Pointer Dereference vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.

5.5
2024-11-12 CVE-2024-47440 Adobe Out-of-bounds Read vulnerability in Adobe Substance 3D Painter

Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-45147 Adobe Out-of-bounds Read vulnerability in Adobe Bridge

Bridge versions 13.0.9, 14.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-47444 Adobe Out-of-bounds Read vulnerability in Adobe After Effects

After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-47445 Adobe Out-of-bounds Read vulnerability in Adobe After Effects

After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-47446 Adobe Out-of-bounds Read vulnerability in Adobe After Effects

After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-47449 Adobe Out-of-bounds Read vulnerability in Adobe Audition

Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-47453 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-47454 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-47455 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-47456 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator

Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-47457 Adobe NULL Pointer Dereference vulnerability in Adobe Illustrator

Illustrator versions 28.7.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.

5.5
2024-11-12 CVE-2024-47458 Adobe NULL Pointer Dereference vulnerability in Adobe Bridge

Bridge versions 13.0.9, 14.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service.

5.5
2024-11-12 CVE-2024-21949 AMD Unspecified vulnerability in AMD Ryzen AI Software

Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash.

5.5
2024-11-12 CVE-2024-38203 Microsoft Unspecified vulnerability in Microsoft products

Windows Package Library Manager Information Disclosure Vulnerability

5.5
2024-11-12 CVE-2024-49527 Adobe Out-of-bounds Read vulnerability in Adobe Animate

Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2024-11-12 CVE-2024-11097 Razormist Infinite Loop vulnerability in Razormist Student Record Management System 1.0

A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic.

5.5
2024-11-11 CVE-2024-50263 Linux Unspecified vulnerability in Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 ("fork: use __mt_dup() to duplicate maple tree in dup_mmap()") makes this more pertinent as we may be in a state where entries in the maple tree are not yet consistent. Their placement early in dup_mmap() only appears to have been meaningful for early error checking, and since functionally it'd require a very small allocation to fail (in practice 'too small to fail') that'd only occur in the most dire circumstances, meaning the fork would fail or be OOM'd in any case. Since both khugepaged and KSM tracking are there to provide optimisations to memory performance rather than critical functionality, it doesn't really matter all that much if, under such dire memory pressure, we fail to register an mm with these. As a result, we follow the example of commit d2081b2bf819 ("mm: khugepaged: make khugepaged_enter() void function") and make ksm_fork() a void function also. We only expose the mm to these functions once we are done with them and only if no error occurred in the fork operation.

5.5
2024-11-16 CVE-2024-11085 The WP Log Viewer plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on several AJAX actions in all versions up to, and including, 1.2.1.
5.4
2024-11-15 CVE-2024-45611 Glpi Project Unspecified vulnerability in Glpi-Project Glpi

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing.

5.4
2024-11-15 CVE-2024-11247 Oretnom23 Unspecified vulnerability in Oretnom23 Online Eyewear Shop 1.0

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic.

5.4
2024-11-15 CVE-2024-50655 Emlog Cross-site Scripting vulnerability in Emlog

emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS), which allows attackers to write malicious JavaScript code in published articles.

5.4
2024-11-15 CVE-2022-20948 A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validation.
5.4
2024-11-15 CVE-2024-11246 Anisha Cross-site Scripting vulnerability in Anisha Farmacia 1.0

A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0.

5.4
2024-11-15 CVE-2024-49754 Librenms Unspecified vulnerability in Librenms

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.

5.4
2024-11-15 CVE-2024-49759 Librenms Unspecified vulnerability in Librenms

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.

5.4
2024-11-15 CVE-2024-49764 Librenms Unspecified vulnerability in Librenms

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.

5.4
2024-11-15 CVE-2024-50350 Librenms Unspecified vulnerability in Librenms

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.

5.4
2024-11-15 CVE-2024-50351 Librenms Unspecified vulnerability in Librenms

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.

5.4
2024-11-15 CVE-2024-50352 Librenms Unspecified vulnerability in Librenms

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.

5.4
2024-11-15 CVE-2024-51494 Librenms Unspecified vulnerability in Librenms

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.

5.4
2024-11-15 CVE-2024-51495 Librenms Unspecified vulnerability in Librenms

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.

5.4
2024-11-15 CVE-2024-51496 Librenms Unspecified vulnerability in Librenms

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.

5.4
2024-11-15 CVE-2024-51497 Librenms Unspecified vulnerability in Librenms

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.

5.4
2024-11-15 CVE-2024-52526 Librenms Unspecified vulnerability in Librenms 24.10.0

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.

5.4
2024-11-15 CVE-2021-3741 Chatwoot Cross-site Scripting vulnerability in Chatwoot

A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6.

5.4
2024-11-15 CVE-2021-3841 Sylius Cross-site Scripting vulnerability in Sylius

sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files.

5.4
2024-11-15 CVE-2023-0109 Usememos Unspecified vulnerability in Usememos Memos 0.9.1

A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1.

5.4
2024-11-15 CVE-2024-1097 K5N Cross-site Scripting vulnerability in K5N Webcalendar 1.3.0

A stored cross-site scripting (XSS) vulnerability exists in craigk5n/webcalendar version 1.3.0.

5.4
2024-11-15 CVE-2024-8961 Wpdeveloper Cross-site Scripting vulnerability in Wpdeveloper Essential Addons for Elementor

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nomore_items_text’ parameter in all versions up to, and including, 6.0.7 due to insufficient input sanitization and output escaping.

5.4
2024-11-15 CVE-2024-10113 Wpeka Cross-site Scripting vulnerability in Wpeka WP Adcenter

The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpadcenter_ad shortcode in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-11-14 CVE-2024-49025 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
5.4
2024-11-14 CVE-2024-11210 Eyoucms Unspecified vulnerability in Eyoucms 1.5.1

A vulnerability was found in EyouCMS 1.51.

5.4
2024-11-13 CVE-2024-9059 Royal Elementor Addons Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping.

5.4
2024-11-13 CVE-2024-9668 Royal Elementor Addons Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-11-13 CVE-2024-9682 Royal Elementor Addons Cross-site Scripting vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Form Builder widget in all versions up to, and including, 1.7.1001 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2024-11-12 CVE-2024-28730 Dlink Cross-site Scripting vulnerability in Dlink Dwr-2000M Firmware 1.34Me

Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the file upload feature of the VPN configuration module.

5.4
2024-11-12 CVE-2024-36140 Siemens Cross-site Scripting vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware

A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2).

5.4
2024-11-12 CVE-2024-10790 The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping.
5.4
2024-11-12 CVE-2024-10538 Leevio Cross-site Scripting vulnerability in Leevio Happy Addons for Elementor

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.12.5 due to insufficient input sanitization and output escaping.

5.4
2024-11-11 CVE-2024-11078 Anisha Cross-site Scripting vulnerability in Anisha JOB Recruitment 1.0

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic.

5.4
2024-11-11 CVE-2024-51488 Ampache Cross-Site Request Forgery (CSRF) vulnerability in Ampache 7.0.0

Ampache is a web based audio/video streaming application and file manager.

5.4
2024-11-11 CVE-2024-51489 Ampache Cross-Site Request Forgery (CSRF) vulnerability in Ampache 7.0.0

Ampache is a web based audio/video streaming application and file manager.

5.4
2024-11-11 CVE-2024-45088 IBM Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.3

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting.

5.4
2024-11-11 CVE-2024-11070 Publiccms Cross-site Scripting vulnerability in Publiccms 5.202406.D

A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d.

5.4
2024-11-11 CVE-2024-11021 Vice Cross-site Scripting vulnerability in Vice Webopac 7.1.20160701

Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability.

5.4
2024-11-11 CVE-2024-52350 Crm2Go Cross-site Scripting vulnerability in Crm2Go

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CRM 2go allows DOM-Based XSS. This issue affects CRM 2go: from n/a through 1.0.

5.4
2024-11-11 CVE-2024-52351 BU Cross-site Scripting vulnerability in BU Slideshow

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boston University (IS&T) BU Slideshow allows Stored XSS. This issue affects BU Slideshow: from n/a through 2.3.10.

5.4
2024-11-11 CVE-2024-52352 Miloco Cross-site Scripting vulnerability in Miloco Postcasa Shortcode

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andrew Milo Postcasa Shortcode allows DOM-Based XSS. This issue affects Postcasa Shortcode: from n/a through 1.0.

5.4
2024-11-11 CVE-2024-52353 Sharethepractice Cross-site Scripting vulnerability in Sharethepractice Christian Science Bible Lesson Subjects

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gabriel Serafini Christian Science Bible Lesson Subjects allows DOM-Based XSS. This issue affects Christian Science Bible Lesson Subjects: from n/a through 2.0.

5.4
2024-11-11 CVE-2024-52354 Coolplugins Cross-site Scripting vulnerability in Coolplugins web Stories Widgets for Elementor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Web Stories Widgets For Elementor allows Stored XSS. This issue affects Web Stories Widgets For Elementor: from n/a through 1.1.

5.4
2024-11-11 CVE-2024-52355 Hyumika Cross-site Scripting vulnerability in Hyumika Openstreetmap

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hyumika OSM – OpenStreetMap allows Stored XSS. This issue affects OSM – OpenStreetMap: from n/a through 6.1.2.

5.4
2024-11-11 CVE-2024-52356 Webangon Cross-site Scripting vulnerability in Webangon the Pack Elementor Addons

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webangon The Pack Elementor addons allows Stored XSS. This issue affects The Pack Elementor addons: from n/a through 2.1.0.

5.4
2024-11-11 CVE-2024-52357 LQD Cross-site Scripting vulnerability in LQD Liquid Blocks

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LIQUID DESIGN Ltd.

5.4
2024-11-11 CVE-2024-52358 Cyberchimps Cross-site Scripting vulnerability in Cyberchimps Responsive Addons for Elementor

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cyberchimps Responsive Addons for Elementor allows DOM-Based XSS. This issue affects Responsive Addons for Elementor: from n/a through 1.5.4.

5.4
2024-11-15 CVE-2024-11238 Landray Unspecified vulnerability in Landray EKP 12.0.9.R.20160325

A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0.

5.3
2024-11-14 CVE-2024-45642 IBM Unspecified vulnerability in IBM Security Qradar EDR

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting.

5.3
2024-11-13 CVE-2024-10802 The Hash Elements plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hash_elements_get_posts_title_by_id() function in all versions up to, and including, 1.4.7.
5.3
2024-11-12 CVE-2024-46889 Siemens Use of Hard-coded Cryptographic Key vulnerability in Siemens Sinec INS 1.0

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).

5.3
2024-11-12 CVE-2024-46891 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3).
5.3
2024-11-12 CVE-2024-49394 Neomutt, Mutt, Redhat Improper Verification of Cryptographic Signature vulnerability in multiple products

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.

5.3
2024-11-12 CVE-2024-49395 Neomutt, Mutt, Redhat

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.

5.3
2024-11-15 CVE-2023-20091 A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system.
5.1
2024-11-15 CVE-2021-1464 A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has insufficient input validation for certain commands.
5.0
2024-11-15 CVE-2024-11217 A vulnerability was found in the OAuth-server.
4.9
2024-11-15 CVE-2021-1470 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper input validation of SQL queries to an affected system.
4.9
2024-11-12 CVE-2024-47905 Ivanti Out-of-bounds Write vulnerability in Ivanti Connect Secure 22.7/7.1/7.4

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

4.9
2024-11-12 CVE-2024-47909 Ivanti Out-of-bounds Write vulnerability in Ivanti Connect Secure 22.7/7.1/7.4

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service.

4.9
2024-11-15 CVE-2024-49758 Librenms Unspecified vulnerability in Librenms

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.

4.8
2024-11-15 CVE-2024-50355 Librenms Cross-site Scripting vulnerability in Librenms

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system.

4.8
2024-11-15 CVE-2022-1226 Phpipam Unspecified vulnerability in PHPipam

A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim.

4.8
2024-11-15 CVE-2023-2332 Pimcore Unspecified vulnerability in Pimcore 10.5.19

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19.

4.8
2024-11-15 CVE-2024-0875 Open EMR Unspecified vulnerability in Open-Emr Openemr 7.0.1

A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1.

4.8
2024-11-14 CVE-2024-48284 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul User Registration & Login and User Management System 3.2

A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2.

4.8
2024-11-14 CVE-2024-50836 Lopalopa Cross-site Scripting vulnerability in Lopalopa E-Learning Management System 1.0

A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0.

4.8
2024-11-14 CVE-2024-45099 IBM Cross-site Scripting vulnerability in IBM Security Qradar EDR

IBM Security ReaQta 3.12 is vulnerable to cross-site scripting.

4.8
2024-11-13 CVE-2024-11175 Publiccms Cross-site Scripting vulnerability in Publiccms 5.202406.D

A vulnerability was found in Public CMS 5.202406.d and classified as problematic.

4.8
2024-11-13 CVE-2024-52305 Webkul Unspecified vulnerability in Webkul Unopim

UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework.

4.8
2024-11-13 CVE-2024-52268 Vektor INC Cross-site Scripting vulnerability in Vektor-Inc VK ALL in ONE Expansion Unit

Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0.

4.8
2024-11-12 CVE-2024-11130 Zzcms Cross-site Scripting vulnerability in Zzcms

A vulnerability was found in ZZCMS up to 2023.

4.8
2024-11-12 CVE-2024-50313 Mendix Race Condition vulnerability in Mendix

A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.15 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application).

4.8
2024-11-12 CVE-2024-11102 Mayurik Cross-site Scripting vulnerability in Mayurik Hospital Management System 1.0

A vulnerability was found in SourceCodester Hospital Management System 1.0.

4.8
2024-11-11 CVE-2024-45087 IBM Cross-site Scripting vulnerability in IBM Websphere Application Server 8.5/9.0

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting.

4.8
2024-11-15 CVE-2022-20634 A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system.
4.7
2024-11-13 CVE-2024-29211 Ivanti Race Condition vulnerability in Ivanti Secure Access Client

A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.

4.7
2024-11-12 CVE-2024-8882 Zyxel Classic Buffer Overflow vulnerability in Zyxel products

A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL.

4.5
2024-11-15 CVE-2023-20004 Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system.
4.4
2024-11-15 CVE-2023-20092 Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system.
4.4
2024-11-15 CVE-2023-20093 Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system.
4.4
2024-11-12 CVE-2024-36509 Fortinet Exposure of System Data to an Unauthorized Control Sphere vulnerability in Fortinet Fortiweb

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page.

4.4
2024-11-16 CVE-2024-10614 The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0.
4.3
2024-11-16 CVE-2024-10533 The WP Chat App plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the ajax_install_plugin() function in all versions up to, and including, 3.6.8.
4.3
2024-11-16 CVE-2024-6628 The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9.
4.3
2024-11-16 CVE-2024-10786 The Simple Local Avatars plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sla_clear_user_cache function in all versions up to, and including, 2.7.11.
4.3
2024-11-16 CVE-2024-10795 The Popularis Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.7 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
4.3
2024-11-15 CVE-2021-1481 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface.
4.3
2024-11-15 CVE-2021-34750 A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center Software could allow an authenticated, remote attacker to access sensitive configuration information.
4.3
2024-11-15 CVE-2021-34751 A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information.
4.3
2024-11-15 CVE-2022-20939 A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information.
4.3
2024-11-15 CVE-2023-20094 A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device. This vulnerability exists because the affected software performs improper bounds checks.
4.3
2024-11-15 CVE-2024-50652 Geeeeeeeek Unrestricted Upload of File with Dangerous Type vulnerability in Geeeeeeeek Java Shop 1.0

A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function.

4.3
2024-11-15 CVE-2024-11239 Landray Unspecified vulnerability in Landray EKP 12.0.9.R.20160325

A vulnerability has been found in Landray EKP up to 16.0 and classified as critical.

4.3
2024-11-15 CVE-2021-3986 Janeczku Unspecified vulnerability in Janeczku Calibre-Web

A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users.

4.3
2024-11-15 CVE-2021-3987 Janeczku Missing Authorization vulnerability in Janeczku Calibre-Web

An improper access control vulnerability exists in janeczku/calibre-web.

4.3
2024-11-15 CVE-2021-3991 Dolibarr Authorization Bypass Through User-Controlled Key vulnerability in Dolibarr Erp/Crm

An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch.

4.3
2024-11-15 CVE-2024-10582 Smartwpress Missing Authorization vulnerability in Smartwpress Music Player for Elementor

The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and including, 2.4.1.

4.3
2024-11-15 CVE-2024-10897 Themeum Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons

The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5.

4.3
2024-11-13 CVE-2024-11159 Mozilla Unspecified vulnerability in Mozilla Thunderbird

Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext.

4.3
2024-11-13 CVE-2024-8001 Viwis Unspecified vulnerability in Viwis Learning Management System 9.11

A vulnerability was found in VIWIS LMS 9.11.

4.3
2024-11-13 CVE-2024-10794 The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.6 via the 'bhf' shortcode due to insufficient restrictions on which posts can be included.
4.3
2024-11-13 CVE-2024-10530 Kognetiks Missing Authorization vulnerability in Kognetiks Chatbot

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the add_new_assistant() function in all versions up to, and including, 2.1.7.

4.3
2024-11-13 CVE-2024-10531 Kognetiks Unspecified vulnerability in Kognetiks Chatbot

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_assistant() function in all versions up to, and including, 2.1.7.

4.3
2024-11-13 CVE-2024-10593 The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6.
4.3
2024-11-13 CVE-2024-11143 Kognetiks Cross-Site Request Forgery (CSRF) vulnerability in Kognetiks Chatbot

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8.

4.3
2024-11-13 CVE-2024-10778 The BuddyPress Builder for Elementor – BuddyBuilder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.
4.3
2024-11-13 CVE-2024-10852 The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to, and including, 2.2.9.
4.3
2024-11-13 CVE-2024-10853 The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the removeorder AJAX action in all versions up to, and including, 2.2.9.
4.3
2024-11-13 CVE-2024-10854 The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buy_one_click_import_options AJAX action in all versions up to, and including, 2.2.9.
4.3
2024-11-12 CVE-2024-28731 Dlink Cross-Site Request Forgery (CSRF) vulnerability in Dlink Dwr-2000M Firmware 1.34Me

Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forwarding option.

4.3
2024-11-12 CVE-2024-11125 GET Simple Cross-Site Request Forgery (CSRF) vulnerability in Get-Simple Getsimplecms 3.3.16

A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic.

4.3
2024-11-12 CVE-2024-50558 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2).

4.3
2024-11-12 CVE-2024-50559 Siemens Path Traversal vulnerability in Siemens products

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2).

4.3
2024-11-12 CVE-2024-50560 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2).

4.3
2024-11-12 CVE-2024-10695 Futuriowp Authorization Bypass Through User-Controlled Key vulnerability in Futuriowp Futurio Extra

The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included.

4.3

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2024-11-17 CVE-2023-0657 A flaw was found in Keycloak.
3.4
2024-11-12 CVE-2024-48838 Dell Files or Directories Accessible to External Parties vulnerability in Dell Smartfabric Os10

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability.

3.3
2024-11-12 CVE-2024-10672 Themeisle Path Traversal vulnerability in Themeisle multiple Page Generator

The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2.

2.7