Total: 18198 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-48204 | 1 Hanzhou Haboo | 1 Network Management System | 2024-10-28 | 9.8 Critical |
SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script. | ||||
CVE-2024-20329 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-10-26 | 9.9 Critical |
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by submitting crafted input when executing remote CLI commands over SSH. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system. | ||||
CVE-2024-7591 | 1 Kemptechnologies | 3 Loadmaster, Loadmaster Mt, Multi-tenant Hypervisor Firmware | 2024-10-25 | 10 Critical |
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This issue affects LoadMaster: 7.2.40.0 and above; ECS: All versions; Multi-Tenancy: 7.1.35.4 and above. | ||||
CVE-2024-46478 | 1 Htmldoc Project | 1 Htmldoc | 2024-10-25 | 9.8 Critical |
HTMLDOC v1.9.18 contains a buffer overflow in the parse_pre function, ps-pdf.cxx:5681. | ||||
CVE-2024-48143 | 1 Digitory | 1 Multi-channel Integrated Pos | 2024-10-25 | 9.1 Critical |
A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to the ordering system and place an excessive amount of food orders. | ||||
CVE-2023-48082 | 1 Nagios | 1 Xi | 2024-10-25 | 9.1 Critical |
Nagios XI before 2024R1 was discovered to improperly handle API key generation (randomly generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate. | ||||
CVE-2024-44812 | 2 Janobe, Sourcecodester | 2 Online Complaint Site, Online Complaint Site | 2024-10-25 | 9.8 Critical |
SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. | ||||
CVE-2024-49653 | 1 James Egger | 1 Portfolleo | 2024-10-25 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in James Eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server. This issue affects Portfolleo: from n/a through 1.2. | ||||
CVE-2024-49652 | 1 Reneecussack | 1 3d Work In Progress | 2024-10-25 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in ReneeCussack 3D Work In Progress allows Upload a Web Shell to a Web Server. This issue affects 3D Work In Progress: from n/a through 1.0.3. | ||||
CVE-2024-49671 | 1 Postpix | 1 Ai Postpix | 2024-10-25 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix allows Upload a Web Shell to a Web Server. This issue affects AI Image Generator for Your Content & Featured Images – AI Postpix: from n/a through 1.1.8. | ||||
CVE-2024-49658 | 1 Ecomerciar | 1 Woocommerce Custom Profile Picture | 2024-10-25 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Ecomerciar Woocommerce Custom Profile Picture allows Upload a Web Shell to a Web Server. This issue affects Woocommerce Custom Profile Picture: from n/a through 1.0. | ||||
CVE-2024-49669 | 1 Alexander De Ridder | 1 Ink Official | 2024-10-25 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official allows Upload a Web Shell to a Web Server. This issue affects INK Official: from n/a through 4.1.2. | ||||
CVE-2024-49668 | 1 Admin | 1 Verbalize | 2024-10-25 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Admin Verbalize WP allows Upload a Web Shell to a Web Server. This issue affects Verbalize WP: from n/a through 1.0. | ||||
CVE-2024-49681 | 1 Swit | 1 Wp Sessions Time Monitoring Full Automatic | 2024-10-25 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows SQL Injection. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.0.9. | ||||
CVE-2024-48548 | 1 Cloud Smart Lock | 1 Cloud Smart Lock Firmware | 2024-10-25 | 9.3 Critical |
The APK file in Cloud Smart Lock v2.0.1 has leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a brute-force attack. | ||||
CVE-2024-48539 | 1 Netdvr | 1 Neye3c | 2024-10-25 | 9.8 Critical |
Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism. | ||||
CVE-2024-48538 | 1 Netdvr | 1 Neye3c | 2024-10-25 | 9.8 Critical |
Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||||
CVE-2024-42966 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-10-24 | 9.8 Critical |
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. | ||||
CVE-2024-42815 | 1 Tp-link | 1 Re365 | 2024-10-24 | 9.8 Critical |
In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands. | ||||
CVE-2024-36130 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-10-24 | 9.8 Critical |
An insufficient authorization vulnerability in the web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance. |