Total 18198 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-48204 1 Hanzhou Haboo 1 Network Management System 2024-10-28 9.8 Critical
SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script.
CVE-2024-20329 1 Cisco 1 Adaptive Security Appliance Software 2024-10-26 9.9 Critical
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by submitting crafted input when executing remote CLI commands over SSH. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system.
CVE-2024-7591 1 Kemptechnologies 3 Loadmaster, Loadmaster Mt, Multi-tenant Hypervisor Firmware 2024-10-25 10 Critical
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above
CVE-2024-46478 1 Htmldoc Project 1 Htmldoc 2024-10-25 9.8 Critical
HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.
CVE-2024-48143 1 Digitory 1 Multi-channel Integrated Pos 2024-10-25 9.1 Critical
A lack of rate limiting in the OTP validation component of Digitory Multi Channel Integrated POS v1.0 allows attackers to gain access to the ordering system and place an excessive amount of food orders.
CVE-2023-48082 1 Nagios 1 Xi 2024-10-25 9.1 Critical
Nagios XI before 2024R1 was discovered to improperly handle API keys generation (randomly-generated), allowing attackers to possibly generate the same set of API keys for all users and utilize them to authenticate.
CVE-2024-44812 2 Janobe, Sourcecodester 2 Online Complaint Site, Online Complaint Site 2024-10-25 9.8 Critical
SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.
CVE-2024-49653 1 James Egger 1 Portfolleo 2024-10-25 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in James Eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server.This issue affects Portfolleo: from n/a through 1.2.
CVE-2024-49652 1 Reneecussack 1 3d Work In Progress 2024-10-25 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in ReneeCussack 3D Work In Progress allows Upload a Web Shell to a Web Server.This issue affects 3D Work In Progress: from n/a through 1.0.3.
CVE-2024-49671 1 Postpix 1 Ai Postpix 2024-10-25 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix allows Upload a Web Shell to a Web Server.This issue affects AI Image Generator for Your Content & Featured Images – AI Postpix: from n/a through 1.1.8.
CVE-2024-49658 1 Ecomerciar 1 Woocommerce Custom Profile Picture 2024-10-25 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Ecomerciar Woocommerce Custom Profile Picture allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Custom Profile Picture: from n/a through 1.0.
CVE-2024-49669 1 Alexander De Ridder 1 Ink Official 2024-10-25 9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official allows Upload a Web Shell to a Web Server.This issue affects INK Official: from n/a through 4.1.2.
CVE-2024-49668 1 Admin 1 Verbalize 2024-10-25 10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Admin Verbalize WP Upload a Web Shell to a Web Server.This issue affects Verbalize WP: from n/a through 1.0.
CVE-2024-49681 1 Swit 1 Wp Sessions Time Monitoring Full Automatic 2024-10-25 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows SQL Injection.This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.0.9.
CVE-2024-48548 1 Cloud Smart Lock 1 Cloud Smart Lock Firmware 2024-10-25 9.3 Critical
The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a bruteforce attack.
CVE-2024-48539 1 Netdvr 1 Neye3c 2024-10-25 9.8 Critical
Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism.
CVE-2024-48538 1 Netdvr 1 Neye3c 2024-10-25 9.8 Critical
Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.
CVE-2024-42966 1 Totolink 2 N350rt, N350rt Firmware 2024-10-24 9.8 Critical
Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh.
CVE-2024-42815 1 Tp-link 1 Re365 2024-10-24 9.8 Critical
In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.
CVE-2024-36130 1 Ivanti 1 Endpoint Manager Mobile 2024-10-24 9.8 Critical
An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the appliance.