Total 17136 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-7028 1 Gitlab 1 Gitlab 2024-09-18 10 Critical
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
CVE-2023-5009 1 Gitlab 1 Gitlab 2024-09-18 9.6 Critical
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.
CVE-2024-38175 1 Microsoft 1 Azure Managed Instance For Apache Cassandra 2024-09-17 9.6 Critical
An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.
CVE-2024-38109 1 Microsoft 1 Azure Health Bot 2024-09-17 9.1 Critical
An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.
CVE-2024-38140 1 Microsoft 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more 2024-09-17 9.8 Critical
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
CVE-2024-38063 1 Microsoft 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more 2024-09-17 9.8 Critical
Windows TCP/IP Remote Code Execution Vulnerability
CVE-2024-38199 1 Microsoft 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more 2024-09-17 9.8 Critical
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2024-38160 1 Microsoft 2 Windows 10 1607, Windows Server 2016 2024-09-17 9.1 Critical
Windows Network Virtualization Remote Code Execution Vulnerability
CVE-2024-38159 1 Microsoft 2 Windows 10 1607, Windows Server 2016 2024-09-17 9.1 Critical
Windows Network Virtualization Remote Code Execution Vulnerability
CVE-2024-38108 1 Microsoft 1 Azure Stack Hub 2024-09-17 9.3 Critical
Azure Stack Hub Spoofing Vulnerability
CVE-2024-44004 2024-09-17 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection. This issue affects WPCargo Track & Trace: from n/a through 7.0.6.
CVE-2024-43978 2024-09-17 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a before 6.9.8.
CVE-2024-43976 2024-09-17 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 6.9.7.
CVE-2024-38164 1 Microsoft 1 Groupme 2024-09-17 9.6 Critical
An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
CVE-2024-38089 1 Microsoft 1 Defender For Iot 2024-09-17 9.1 Critical
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-38076 1 Microsoft 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more 2024-09-17 9.8 Critical
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-38074 1 Microsoft 9 Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and 6 more 2024-09-17 9.8 Critical
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-38182 1 Microsoft 1 Dynamics 365 2024-09-17 9 Critical
Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
CVE-2024-38077 1 Microsoft 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more 2024-09-17 9.8 Critical
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-8956 1 Ptzoptics 1 Pt30x-sdi.ndi-xx 2024-09-17 9.1 Critical
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. As a result, a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configuration details. Additionally, the attacker can update individual configuration values or overwrite the whole file.