Total: 262521 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-26581 | 1 Idattend | 1 Idweb | 2024-09-10 | 9.8 Critical |
Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
CVE-2023-27261 | 1 Idattend | 1 Idweb | 2024-09-10 | 5.3 Medium |
Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | ||||
CVE-2023-27262 | 1 Idattend | 1 Idweb | 2024-09-10 | 9.8 Critical |
Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | ||||
CVE-2024-6932 | 1 Classcms Project | 1 Classcms | 2024-09-10 | 3.5 Low |
A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/?action=home&do=shop:index&keyword=&kind=all. The manipulation of the argument order leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271987. | ||||
CVE-2024-6934 | 1 Formtools | 1 Form Tools | 2024-09-10 | 2.4 Low |
A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/step2.php?submission_type=direct. The manipulation of the argument Form URL leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271989 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-8655 | | | 2024-09-10 | 5.3 Medium |
A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-8504 | | | 2024-09-10 | N/A |
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. | ||||
CVE-2024-8232 | | | 2024-09-10 | 7.5 High |
SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication. | ||||
CVE-2024-43040 | | | 2024-09-10 | N/A |
Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo. | ||||
CVE-2024-6935 | 1 Formtools | 1 Form Tools | 2024-09-10 | 2.4 Low |
A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1. This vulnerability affects unknown code of the file /admin/clients/ of the component User Settings Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-271990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-37980 | 1 Microsoft | 1 Sql Server | 2024-09-10 | 8.8 High |
Microsoft SQL Server Elevation of Privilege Vulnerability | ||||
CVE-2024-38194 | 1 Microsoft | 1 Azure Web Apps | 2024-09-10 | 8.4 High |
An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network. | ||||
CVE-2024-43495 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows Server 23h2 | 2024-09-10 | 7.3 High |
Windows libarchive Remote Code Execution Vulnerability | ||||
CVE-2024-43487 | 1 Microsoft | 9 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 6 more | 2024-09-10 | 6.5 Medium |
Windows Mark of the Web Security Feature Bypass Vulnerability | ||||
CVE-2024-30073 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 14 more | 2024-09-10 | 7.8 High |
Windows Security Zone Mapping Security Feature Bypass Vulnerability | ||||
CVE-2024-43479 | 1 Microsoft | 1 Power Automate For Desktop | 2024-09-10 | 8.5 High |
Microsoft Power Automate Desktop Remote Code Execution Vulnerability | ||||
CVE-2024-43476 | 1 Microsoft | 1 Dynamics 365 | 2024-09-10 | 7.6 High |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
CVE-2024-43475 | 1 Microsoft | 1 Windows Server 2008 Sp2 | 2024-09-10 | 7.3 High |
Microsoft Windows Admin Center Information Disclosure Vulnerability | ||||
CVE-2024-43470 | 1 Microsoft | 1 Azure Network Watcher Agent For Windows | 2024-09-10 | 7.3 High |
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | ||||
CVE-2024-43469 | 1 Microsoft | 1 Azure Cyclecloud | 2024-09-10 | 8.8 High |
Azure CycleCloud Remote Code Execution Vulnerability |