Total: 18198 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-46943 | 1 Opendaylight | 2 Aaa, Authentication\, Authorization And Accounting | 2024-10-24 | 9.1 Critical |
An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information. | ||||
CVE-2024-46937 | 1 Mfasoft | 1 Secure Authentication Server | 2024-10-24 | 9.1 Critical |
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication. This is a brute-force attack on the serial parameter by number identifier: GA00001, GA00002, GA00003, etc. | ||||
CVE-2024-42642 | 2 Crucial, Micron | 7 Ct1000mx500ssd1, Ct2000mx500ssd1, Ct250mx500ssd1 and 4 more | 2024-10-24 | 9.8 Critical |
Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. | ||||
CVE-2024-46256 | 1 Nginxproxymanager | 1 Nginx Proxy Manager | 2024-10-24 | 9.8 Critical |
A command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to achieve RCE via Add Let's Encrypt Certificate. | ||||
CVE-2024-49326 | 1 Vasiliskerasiotis | 1 Affiliator | 2024-10-24 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell to a Web Server. This issue affects Affiliator: from n/a through 2.1.3. | ||||
CVE-2024-49324 | 1 Sovratec | 2 Case Management, Sovratec Case Management | 2024-10-24 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server. This issue affects Sovratec Case Management: from n/a through 1.0.0. | ||||
CVE-2024-49327 | 1 Asepbagjapriandana | 1 Woostagram Connect | 2024-10-24 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Asep Bagja Priandana Woostagram Connect allows Upload a Web Shell to a Web Server. This issue affects Woostagram Connect: from n/a through 1.0.2. | ||||
CVE-2024-49329 | 2 Vivek Tamrakar, Vivektamrakar | 2 Wp Rest Api Fns, Wp Rest Api Fns | 2024-10-24 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Vivek Tamrakar WP REST API FNS allows Upload a Web Shell to a Web Server. This issue affects WP REST API FNS: from n/a through 1.0.0. | ||||
CVE-2024-49330 | 1 Brx8r | 1 Nice Backgrounds | 2024-10-24 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds allows Upload a Web Shell to a Web Server. This issue affects Nice Backgrounds: from n/a through 1.0. | ||||
CVE-2024-49331 | 2 Myriad Solutionz, Myriadsolutionz | 2 Property Lot Management System, Property Lot Management System | 2024-10-24 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server. This issue affects Property Lot Management System: from n/a through 4.2.38. | ||||
CVE-2024-49332 | 2 Giveaway Boost, Giveawayboost | 2 Giveaway Boost, Giveaway Boost | 2024-10-24 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection. This issue affects Giveaway Boost: from n/a through 2.1.4. | ||||
CVE-2024-49607 | 2 Redwan Hilali, Redwanhilali | 2 Wp Dropbox Dropins, Wp Dropbox Dropins | 2024-10-24 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server. This issue affects WP Dropbox Dropins: from n/a through 1.0. | ||||
CVE-2024-49610 | 2 Jack Zhu, Jackzhu | 2 Photokit, Photokit | 2024-10-24 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu allows Upload a Web Shell to a Web Server. This issue affects photokit: from n/a through 1.0. | ||||
CVE-2024-49625 | 2 Brandon Clark, Brandonclark | 2 Site Builder Dynamic Components, Sitebuilder Dynamic Components | 2024-10-24 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in Brandon Clark SiteBuilder Dynamic Components allows Object Injection. This issue affects SiteBuilder Dynamic Components: from n/a through 1.0. | ||||
CVE-2024-49624 | 1 Smartdevth | 1 Advanced Advertising System | 2024-10-24 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in Smartdevth Advanced Advertising System allows Object Injection. This issue affects Advanced Advertising System: from n/a through 1.3.1. | ||||
CVE-2024-9921 | 1 Teamplus | 2 Team\+, Team\+ Pro | 2024-10-24 | 9.8 Critical |
Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete database contents. | ||||
CVE-2024-49626 | 1 Piyushmca | 1 Shipyaari Shipping Management | 2024-10-23 | 9.8 Critical |
Deserialization of Untrusted Data vulnerability in Piyushmca Shipyaari Shipping Management allows Object Injection. This issue affects Shipyaari Shipping Management: from n/a through 1.2. | ||||
CVE-2024-46483 | 1 Xlightftpd | 1 Xlight Ftp Server | 2024-10-23 | 9.8 Critical |
Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content. | ||||
CVE-2024-42005 | 2 Djangoproject, Redhat | 4 Django, Ansible Automation Platform, Satellite and 1 more | 2024-10-23 | 9.8 Critical |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. | ||||
CVE-2024-40494 | 1 Keithcullen | 1 Freecoap | 2024-10-23 | 9.8 Critical |
Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet. |