Total: 18198 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-28038 | | | 2024-12-10 | 9 Critical |
The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, supplying an overly long character string in the MFPSESSIONID parameter results in a stack buffer overflow. For details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||||
CVE-2024-35286 | 1 Mitel | 1 Micollab | 2024-12-10 | 9.8 Critical |
A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successful exploit could allow an attacker to access sensitive information and execute arbitrary database and management operations. | ||||
CVE-2024-41713 | 1 Mitel | 1 Micollab | 2024-12-10 | 9.1 Critical |
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations. | ||||
CVE-2024-54750 | 1 Ui | 1 U6-lr Firmware | 2024-12-09 | 9.8 Critical |
Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as the Hardcoded Password should be after setup not before. | ||||
CVE-2023-34563 | 1 Netgear | 2 R6250, R6250 Firmware | 2024-12-09 | 9.8 Critical |
Netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication. | ||||
CVE-2023-34541 | 1 Langchain | 1 Langchain | 2024-12-09 | 9.8 Critical |
Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt. | ||||
CVE-2020-21489 | 1 Feehi | 1 Feehicms | 2024-12-09 | 9.8 Critical |
File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component. | ||||
CVE-2023-31411 | 1 Sick | 1 Sick Eventcam App | 2024-12-09 | 9.8 Critical |
A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App. | ||||
CVE-2024-8785 | 1 Progress | 1 Whatsup Gold | 2024-12-09 | 9.8 Critical |
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. | ||||
CVE-2024-27841 | 1 Apple | 4 Ipad Os, Ipados, Iphone Os and 1 more | 2024-12-09 | 9.8 Critical |
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory. | ||||
CVE-2023-35885 | 1 Mgt-commerce | 1 Cloudpanel | 2024-12-09 | 9.8 Critical |
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. | ||||
CVE-2023-34600 | 1 Adiscon | 1 Loganalyzer | 2024-12-09 | 9.8 Critical |
Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection. | ||||
CVE-2023-52369 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-09 | 9.1 Critical |
Stack overflow vulnerability in the NFC module. Successful exploitation of this vulnerability may affect service availability and integrity. | ||||
CVE-2024-51164 | 1 Jepaas | 1 Jepaas | 2024-12-09 | 9.1 Critical |
Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | ||||
CVE-2023-3110 | 1 Silabs | 1 Unify Software Development Kit | 2024-12-09 | 9.6 Critical |
Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | ||||
CVE-2024-53822 | 1 Genetechsolutions | 1 Pie Register | 2024-12-09 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium. This issue affects Pie Register Premium: from n/a before 3.8.3.3. | ||||
CVE-2023-32117 | 1 Softlab | 1 Integrate Google Drive | 2024-12-09 | 9.8 Critical |
Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.1.99. | ||||
CVE-2024-55564 | 1 Perl | 1 Posix 2028 | 2024-12-09 | 9.8 Critical |
The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow. | ||||
CVE-2024-55560 | 1 Mailcleaner | 1 Mailcleaner | 2024-12-09 | 9.8 Critical |
MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation. | ||||
CVE-2024-12209 | 1 Wphealth | 1 Wp Umbrella Update Backup Restore And Monitoring | 2024-12-09 | 9.8 Critical |
The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. |