Total
18198 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54747 | 1 Wavlink | 1 Wn531p3 Firmware | 2024-12-09 | 9.8 Critical |
| WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | ||||
| CVE-2024-23265 | 1 Apple | 8 Ios, Ipad Os, Ipados and 5 more | 2024-12-09 | 9.8 Critical |
| A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory. | ||||
| CVE-2024-10773 | 1 Sick | 3 Inspector61x Firmware, Inspector62x Firmware, Tim3xx | 2024-12-09 | 9 Critical |
| The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device. | ||||
| CVE-2023-4420 | 1 Sick | 7 Lms500, Lms500 Firmware, Lms511 and 4 more | 2024-12-09 | 9.8 Critical |
| A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted. | ||||
| CVE-2023-4419 | 1 Sick | 7 Lms500, Lms500 Firmware, Lms511 and 4 more | 2024-12-09 | 9.8 Critical |
| The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device. | ||||
| CVE-2023-5288 | 1 Sick | 3 Sim1012, Sim1012-0p0g200, Sim1012-0p0g200 Firmware | 2024-12-09 | 9.8 Critical |
| A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware version to the device. | ||||
| CVE-2023-29931 | 1 Laravels Project | 1 Laravels | 2024-12-06 | 9.8 Critical |
| laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php. | ||||
| CVE-2023-35166 | 1 Xwiki | 1 Xwiki | 2024-12-06 | 10 Critical |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5. | ||||
| CVE-2024-21071 | 1 Oracle | 1 Workflow | 2024-12-06 | 9.1 Critical |
| Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the vulnerability is in Oracle Workflow, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Workflow. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2024-52320 | 1 Planet Technology Corp | 1 Wgs-804hpt Firmware | 2024-12-06 | 9.8 Critical |
| The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution. | ||||
| CVE-2024-48871 | 1 Planet Technology Corp | 1 Wgs-804hpt Firmware | 2024-12-06 | 9.8 Critical |
| The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution. | ||||
| CVE-2024-37863 | 1 Open Robotics | 2 Nav2 Humble, Robotics Operating System | 2024-12-06 | 9.8 Critical |
| Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file. | ||||
| CVE-2024-37861 | 1 Open Robotics | 2 Nav2 Humble, Ros2 | 2024-12-06 | 9.8 Critical |
| Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file. | ||||
| CVE-2023-52378 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-06 | 9.8 Critical |
| Vulnerability of incorrect service logic in the WindowManagerServices module.Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2024-38920 | 1 Open Robotics | 2 Nav2 Humble, Ros2 | 2024-12-06 | 9.1 Critical |
| Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggerd via remotely sending a request for change the value of dynamic-parameter`/amcl max_beams` . | ||||
| CVE-2022-22630 | 1 Apple | 2 Mac Os X, Macos | 2024-12-06 | 9.8 Critical |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution | ||||
| CVE-2024-11680 | 1 Projectsend | 1 Projectsend | 2024-12-06 | 9.8 Critical |
| ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript. | ||||
| CVE-2023-0971 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-12-06 | 9.6 Critical |
| A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered. | ||||
| CVE-2023-0972 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2024-12-06 | 9.6 Critical |
| Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | ||||
| CVE-2023-34939 | 1 Onlyoffice | 1 Onlyoffice | 2024-12-06 | 9.8 Critical |
| Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx. | ||||