Total: 18201 CVE entries
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2024-44000 | 1 Litespeedtech | 1 Litespeed Cache | 2024-10-23 | 9.8 Critical | Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass. This issue affects LiteSpeed Cache: from n/a before 6.5.0.1. |
CVE-2024-9537 | 1 Sciencelogic | 1 Sl1 | 2024-10-22 | 9.8 Critical | ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions back to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x. |
CVE-2024-47485 | 1 Hikvision | 2 Hikcentral Master, Hikcentral Master Lite | 2024-10-22 | 9.8 Critical | There is a CSV injection vulnerability in some HikCentral Master Lite versions. If exploited, an attacker could supply crafted data that, once exported to CSV and opened in a spreadsheet application, is interpreted as a formula and can execute commands. |
CVE-2024-47945 | 2 Rittal, Rittal Gmbh And Co.kg | 5 Cmc Iii Processing Units, Cmc Iii Processing Units Firmware, Iot Interface and 2 more | 2024-10-21 | 9.1 Critical | The devices are vulnerable to session hijacking due to insufficient entropy in their session ID generation algorithm. Session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs and gain unauthorized access to user sessions. The cause is not only the use of the (non-cryptographic) rand() function but also the missing initialization via srand(); as a result, effectively only the PID is used as the seed. |
CVE-2024-45944 | 1 J2eefast | 1 J2eefast | 2024-10-21 | 9.8 Critical | In J2eeFAST <=2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions, resulting in arbitrary code execution. |
CVE-2024-21172 | 1 Oracle | 1 Hospitality Opera 5 | 2024-10-21 | 9.0 Critical | Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.19, 5.6.25.8 and 5.6.26.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. While the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). |
CVE-2023-26785 | 1 Mariadb | 1 Mariadb | 2024-10-21 | 9.8 Critical | MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF code in a shared object file, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed. |
CVE-2024-21216 | 1 Oracle | 1 Weblogic Server | 2024-10-18 | 9.8 Critical | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). |
CVE-2024-10118 | 1 Secom | 1 Wrtr-304gn-304tw-upsc Firmware | 2024-10-18 | 9.8 Critical | SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in a specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. |
CVE-2024-48180 | 1 Classcms | 1 Classcms | 2024-10-18 | 9.8 Critical | ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code. |
CVE-2024-9263 | 1 Arraytics | 1 Timetics | 2024-10-18 | 9.8 Critical | The WP Timetics - AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() function, due to missing validation on a user-controlled key. This makes it possible for unauthenticated attackers to reset the emails and passwords of arbitrary user accounts, including administrators, which makes account takeover and privilege escalation possible. |
CVE-2024-9863 | 1 Miniorange | 1 Otp Verification | 2024-10-18 | 9.8 Critical | The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled. |
CVE-2024-9862 | 1 Miniorange | 1 Otp Verification | 2024-10-18 | 9.8 Critical | The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources, and to the missing current-password check. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. |
CVE-2024-49318 | 1 Olsonsp4c | 1 My Reading Library | 2024-10-18 | 9.8 Critical | Deserialization of Untrusted Data vulnerability in Scott Olson My Reading Library allows Object Injection. This issue affects My Reading Library: from n/a through 1.0. |
CVE-2024-49305 | 1 Wpfactory | 1 Customer Email Verification For Woocommerce | 2024-10-18 | 9.3 Critical | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Email Verification for WooCommerce allows SQL Injection. This issue affects Email Verification for WooCommerce: from n/a through 2.8.10. |
CVE-2024-49291 | 1 Boxystudio | 1 Cooked | 2024-10-18 | 10.0 Critical | Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro. This issue affects Cooked Pro: from n/a before 1.8.0. |
CVE-2024-48920 | 1 Putongoj | 1 Putongoj | 2024-10-18 | 9.1 Critical | PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in 2.1.0-beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually. |
CVE-2024-49246 | | | 2024-10-18 | 9.3 Critical | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anand23 Ajax Rating with Custom Login allows SQL Injection. This issue affects Ajax Rating with Custom Login: from n/a through 1.1. |
CVE-2024-49322 | 1 Codepassenger | 1 Job Board Manager For Wordpress | 2024-10-18 | 9.8 Critical | Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation. This issue affects Job Board Manager for WordPress: from n/a through 1.0. |
CVE-2024-10025 | 1 Sick | 52 Clv620 Firmware, Clv621 Firmware, Clv622 Firmware and 49 more | 2024-10-18 | 9.1 Critical | A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK products as an "Authorized Client" if the customer has not changed the default password. |
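The CVE-2024-47945 entry (Rittal CMC III, session IDs from rand() with no srand(), so only the PID acts as seed) is worth seeing in code, because a 62-bit-looking token can still have a 15-bit key space. The following is an added example, not Rittal's firmware: it models a generator whose only entropy is the process ID, brute-forces that seed space to recover a victim's token, counts how many distinct tokens the generator can ever emit, and shows the hardened replacement drawn from the kernel CSPRNG. The 15-bit PID range (1..32767, PID_MAX of 32768) and the /dev/urandom path are assumptions.

```c
/* Added example (not Rittal's code) for the CVE-2024-47945 pattern:
 * a session ID whose only entropy is the process ID.
 * Assumption: a classic 15-bit PID space, 1..32767, so at most 32,768 tokens. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PID_MAX 32768  /* assumption: 15-bit pid_t range */

/* Vulnerable generator: rand() seeded only with the PID.
 * Two rand() outputs are packed into 62 bits, which looks like a wide token
 * but still takes at most PID_MAX distinct values. */
uint64_t weak_session_id(int pid) {
    srand((unsigned)pid);
    uint64_t hi = (uint64_t)rand();
    uint64_t lo = (uint64_t)rand();
    return (hi << 31) | lo;
}

/* Attacker side: brute-force the seed space to recover the PID that produced
 * an observed token; 32,767 candidates run in well under a second.
 * Returns -1 if no seed matches. PID 0 is skipped because glibc maps
 * srand(0) to srand(1). */
int recover_seed(uint64_t observed) {
    for (int pid = 1; pid < PID_MAX; pid++)
        if (weak_session_id(pid) == observed) return pid;
    return -1;
}

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Enumerate every token the generator can ever emit and count the distinct
 * ones: the count is bounded by the seed space (expect 32,767), not by the
 * 62-bit token width. */
size_t count_distinct_weak_ids(void) {
    static uint64_t ids[PID_MAX];
    size_t n = 0;
    for (int pid = 1; pid < PID_MAX; pid++) ids[n++] = weak_session_id(pid);
    qsort(ids, n, sizeof ids[0], cmp_u64);
    size_t distinct = n ? 1 : 0;
    for (size_t i = 1; i < n; i++)
        if (ids[i] != ids[i - 1]) distinct++;
    return distinct;
}

/* Hardened generator: 128 bits from the kernel CSPRNG (assumption: /dev/urandom
 * is available). Returns 0 on success, -1 on failure. */
int strong_session_id(uint8_t out[16]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(out, 1, 16, f);
    fclose(f);
    return got == 16 ? 0 : -1;
}

/* Check helper: generates two fresh strong IDs and reports whether they differ. */
int strong_ids_differ(void) {
    uint8_t a[16], b[16];
    if (strong_session_id(a) != 0 || strong_session_id(b) != 0) return 0;
    return memcmp(a, b, 16) != 0;
}

int main(void) {
    uint64_t t = weak_session_id(12345);  /* token of a victim's session, PID 12345 */
    printf("observed token %016llx -> recovered seed %d\n",
           (unsigned long long)t, recover_seed(t));
    printf("distinct weak tokens: %zu (seed space %d)\n",
           count_distinct_weak_ids(), PID_MAX);
    printf("two strong IDs differ: %d\n", strong_ids_differ());
    return 0;
}
```

The lesson is that token width is irrelevant when the seed is guessable: an attacker does not attack the token, they enumerate the seed. Any session ID must come from a CSPRNG (getrandom(), /dev/urandom, arc4random()), never from rand(), seeded or not.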
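The CVE-2024-47485 entry (HikCentral Master Lite CSV injection) describes the classic export problem: a value such as `=cmd|' /C calc'!A0` is inert bytes in the file, but a spreadsheet application opening the CSV treats it as a formula. The following is an added example, not Hikvision's code, showing the neutralisation an exporter should apply: cells that begin with `=`, `+`, `-`, `@`, TAB or CR get a single-quote prefix (purely numeric cells are exempted so that `-5` stays a number), and cells containing quotes, commas or line breaks are quoted with inner quotes doubled. The trigger list and the numeric exemption follow common CSV-injection guidance; function names and the sample cells are constructed for this example.

```c
/* Added example (not Hikvision's code) for the CVE-2024-47485 pattern:
 * neutralising spreadsheet-formula (CSV) injection at export time. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* True if the whole cell parses as a number, so a leading '-' or '+' is a sign,
 * not a formula trigger. */
static int is_numeric(const char *s) {
    char *end;
    if (*s == '\0') return 0;
    strtod(s, &end);
    return *end == '\0';
}

/* Append one byte, keeping room for the terminator; -1 on overflow. */
static int put(char *out, size_t outsz, size_t *n, char c) {
    if (*n + 1 >= outsz) return -1;
    out[(*n)++] = c;
    return 0;
}

/* Writes the CSV-safe form of `in` into `out`.
 * Returns 1 if a formula-defusing prefix was added, 0 if the cell was only
 * quoted or left alone, -1 if `out` is too small (out is then not a valid string). */
int csv_safe_cell(const char *in, char *out, size_t outsz) {
    int prefix = in[0] != '\0' && strchr("=+-@\t\r", in[0]) != NULL && !is_numeric(in);
    int quote = prefix || strpbrk(in, "\",\n\r") != NULL;
    size_t n = 0;
    if (quote && put(out, outsz, &n, '"')) return -1;
    if (prefix && put(out, outsz, &n, '\'')) return -1;
    for (const char *p = in; *p; p++) {
        if (*p == '"' && put(out, outsz, &n, '"')) return -1;  /* double inner quotes */
        if (put(out, outsz, &n, *p)) return -1;
    }
    if (quote && put(out, outsz, &n, '"')) return -1;
    out[n] = '\0';
    return prefix;
}

/* Check helper: 1 if csv_safe_cell(in) returns `rc` and (for rc >= 0) yields `expected`. */
int csv_cell_matches(const char *in, const char *expected, int rc) {
    char buf[128];
    int r = csv_safe_cell(in, buf, sizeof buf);
    if (r != rc) return 0;
    return r < 0 ? 1 : strcmp(buf, expected) == 0;
}

/* Check helper: 1 if the cell does not fit in an output buffer of `outsz` bytes. */
int csv_cell_overflows(const char *in, size_t outsz) {
    char buf[128];
    return outsz <= sizeof buf && csv_safe_cell(in, buf, outsz) == -1;
}

int main(void) {
    /* constructed sample cells: one formula payload, one negative number, one plain name */
    const char *cells[] = { "=cmd|' /C calc'!A0", "-5", "Smith, \"Bob\"" };
    char buf[128];
    for (size_t i = 0; i < sizeof cells / sizeof cells[0]; i++) {
        int rc = csv_safe_cell(cells[i], buf, sizeof buf);
        printf("%-22s -> %s (prefixed=%d)\n", cells[i], buf, rc);
    }
    return 0;
}
```

The prefix has to be applied by the side that writes the file; a consuming spreadsheet cannot tell a hostile `=` from a legitimate one, which is why the fix for an export feature lives in the exporter.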