Total 262939 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-27375 1 Idattend 1 Idweb 2024-09-10 7.5 High
Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.
CVE-2024-6911 1 Perkinelmer 1 Processplus 2024-09-10 7.5 High
Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus.This issue affects ProcessPlus: through 1.11.6507.0.
CVE-2023-26569 1 Idattend 1 Idweb 2024-09-10 9.8 Critical
Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.
CVE-2024-22415 1 Jupyter 1 Language Server Protocol Integration 2024-09-10 7.3 High
jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp.
CVE-2024-6122 1 Ni 2 Flexlogger, Systemlink 2024-09-10 5.5 Medium
An incorrect permission in the installation directory for the shared NI SystemLink Server KeyValueDatabase service may result in information disclosure via local access. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service.
CVE-2023-34446 1 Combodo 1 Itop 2024-09-10 8.8 High
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.
CVE-2023-42850 1 Apple 1 Macos 2024-09-10 5.5 Medium
The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data.
CVE-2023-41975 1 Apple 1 Macos 2024-09-10 4.3 Medium
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown.
CVE-2023-42857 1 Apple 3 Ipados, Iphone Os, Macos 2024-09-10 3.3 Low
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
CVE-2023-41997 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2024-09-10 4.6 Medium
This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.
CVE-2023-41254 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2024-09-10 5.5 Medium
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data.
CVE-2024-44902 1 Thinkphp 1 Thinkphp 2024-09-10 9.8 Critical
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
CVE-2024-44893 1 Jeecg 1 Jimureport 2024-09-10 9.8 Critical
An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request.
CVE-2024-44676 1 Eladmin 1 Eladmin 2024-09-10 6.1 Medium
eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.
CVE-2024-44667 1 Shenzhen Haichangxing Technology 1 Hcx H822 Firmware 2024-09-10 8 High
Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access.
CVE-2024-44072 1 Buffalo Inc 18 Wex 1166dhp, Wex 1166dhp2, Wex 1166dhps and 15 more 2024-09-10 5.7 Medium
OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.
CVE-2024-31960 1 Samsung Mobile 1 Exynos 2024-09-10 7.8 High
An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference count bug. This can lead to a use after free.
CVE-2024-0744 1 Mozilla 1 Firefox 2024-09-10 7.5 High
In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.
CVE-2023-42490 1 Busbaer 1 Eisbaer Scada 2024-09-10 7.5 High
EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-40408 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2024-09-10 5.3 Medium
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.