Total: 17136 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-7028 | 1 Gitlab | 1 Gitlab | 2024-09-18 | 10 Critical |
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address. | ||||
CVE-2023-5009 | 1 Gitlab | 1 Gitlab | 2024-09-18 | 9.6 Critical |
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact. | ||||
CVE-2024-38175 | 1 Microsoft | 1 Azure Managed Instance For Apache Cassandra | 2024-09-17 | 9.6 Critical |
An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network. | ||||
CVE-2024-38109 | 1 Microsoft | 1 Azure Health Bot | 2024-09-17 | 9.1 Critical |
An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. | ||||
CVE-2024-38140 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-09-17 | 9.8 Critical |
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | ||||
CVE-2024-38063 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-09-17 | 9.8 Critical |
Windows TCP/IP Remote Code Execution Vulnerability | ||||
CVE-2024-38199 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-09-17 | 9.8 Critical |
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | ||||
CVE-2024-38160 | 1 Microsoft | 2 Windows 10 1607, Windows Server 2016 | 2024-09-17 | 9.1 Critical |
Windows Network Virtualization Remote Code Execution Vulnerability | ||||
CVE-2024-38159 | 1 Microsoft | 2 Windows 10 1607, Windows Server 2016 | 2024-09-17 | 9.1 Critical |
Windows Network Virtualization Remote Code Execution Vulnerability | ||||
CVE-2024-38108 | 1 Microsoft | 1 Azure Stack Hub | 2024-09-17 | 9.3 Critical |
Azure Stack Hub Spoofing Vulnerability | ||||
CVE-2024-44004 | | | 2024-09-17 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection. This issue affects WPCargo Track & Trace: from n/a through 7.0.6. | ||||
CVE-2024-43978 | | | 2024-09-17 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a before 6.9.8. | ||||
CVE-2024-43976 | | | 2024-09-17 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 6.9.7. | ||||
CVE-2024-38164 | 1 Microsoft | 1 Groupme | 2024-09-17 | 9.6 Critical |
An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | ||||
CVE-2024-38089 | 1 Microsoft | 1 Defender For Iot | 2024-09-17 | 9.1 Critical |
Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||||
CVE-2024-38076 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2024-09-17 | 9.8 Critical |
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | ||||
CVE-2024-38074 | 1 Microsoft | 9 Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and 6 more | 2024-09-17 | 9.8 Critical |
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | ||||
CVE-2024-38182 | 1 Microsoft | 1 Dynamics 365 | 2024-09-17 | 9 Critical |
Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. | ||||
CVE-2024-38077 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2024-09-17 | 9.8 Critical |
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | ||||
CVE-2024-8956 | 1 Ptzoptics | 1 Pt30x-sdi.ndi-xx | 2024-09-17 | 9.1 Critical |
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. As a result, a remote, unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configuration details. Additionally, the attacker can update individual configuration values or overwrite the whole file. |