Total
18201 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49291 | 1 Boxystudio | 1 Cooked | 2024-10-18 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0. | ||||
| CVE-2024-48153 | 1 Draytek | 1 Vigor3900 Firmware | 2024-10-17 | 9.8 Critical |
| DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the get_subconfig function. | ||||
| CVE-2024-9925 | 2 Tai Smart Factory, Taismartfactory | 2 Qplant Sf, Qplant Sf | 2024-10-17 | 9.8 Critical |
| SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulnerability could allow a remote attacker to retrieve all database information by sending a specially crafted SQL query to the ‘email’ parameter on the ‘RequestPasswordChange’ endpoint. | ||||
| CVE-2024-48779 | 1 Wanxingtechnology | 1 Yitu Project Management Software | 2024-10-17 | 9.8 Critical |
| An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the directory. | ||||
| CVE-2024-47871 | 1 Gradio Project | 1 Gradio | 2024-10-17 | 9.1 Critical |
| Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves **insecure communication** between the FRP (Fast Reverse Proxy) client and server when Gradio's `share=True` option is used. HTTPS is not enforced on the connection, allowing attackers to intercept and read files uploaded to the Gradio server, as well as modify responses or data sent between the client and server. This impacts users who are sharing Gradio demos publicly over the internet using `share=True` without proper encryption, exposing sensitive data to potential eavesdroppers. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can avoid using `share=True` in production environments and instead host their Gradio applications on servers with HTTPS enabled to ensure secure communication. | ||||
| CVE-2024-47167 | 1 Gradio Project | 1 Gradio | 2024-10-17 | 9.8 Critical |
| Gradio is an open-source Python package designed for quick prototyping. This vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio’s `async_save_url_to_cache` function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching. Users are advised to upgrade to `gradio>=5` to address this issue. As a workaround, users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally, implementing stricter URL validation (such as allowinglist-based validation) and ensuring that local or internal network addresses cannot be requested via the `/queue/join` endpoint can help mitigate the risk of SSRF attacks. | ||||
| CVE-2024-32608 | 1 Hdfgroup | 1 Hdf5 | 2024-10-17 | 9.8 Critical |
| HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | ||||
| CVE-2024-43685 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2024-10-17 | 9.8 Critical |
| Improper Authentication vulnerability in Microchip TimeProvider 4100 (login modules) allows Session Hijacking.This issue affects TimeProvider 4100: from 1.0 before 2.4.7. | ||||
| CVE-2024-9984 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | 9.8 Critical |
| Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. | ||||
| CVE-2024-9985 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | 10 Critical |
| Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. | ||||
| CVE-2024-10004 | 1 Mozilla | 1 Firefox | 2024-10-16 | 9.1 Critical |
| Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2. | ||||
| CVE-2024-33066 | 1 Qualcomm | 142 Csr8811, Csr8811 Firmware, Immersive Home 214 Platform and 139 more | 2024-10-16 | 9.8 Critical |
| Memory corruption while redirecting log file to any file location with any file name. | ||||
| CVE-2024-48782 | 1 Dycms | 1 Dycms | 2024-10-16 | 9.8 Critical |
| File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end. | ||||
| CVE-2024-48781 | 1 Wanxingtechnology | 1 Yitu Project Management Kirin Edition | 2024-10-16 | 9.8 Critical |
| An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat. | ||||
| CVE-2024-48411 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2024-10-16 | 9.8 Critical |
| itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to SQL Injection (SQLI) via a crafted payload to the val-email parameter in forget_password.php. | ||||
| CVE-2024-44730 | 1 Mirotalk | 1 Mirotalk P2p | 2024-10-16 | 9.1 Critical |
| Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name. | ||||
| CVE-2024-46532 | 1 Kancloud | 1 Openhis | 2024-10-16 | 9.8 Critical |
| SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. | ||||
| CVE-2024-10018 | 1 Tecno | 1 Com.transsion.aivoiceassistant | 2024-10-16 | 9.8 Critical |
| Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component. | ||||
| CVE-2021-4443 | 1 Quadlayers | 1 Wordpress Mega Menu-quadmenu | 2024-10-16 | 9.8 Critical |
| The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code. | ||||
| CVE-2016-15040 | 1 Kentothemes | 1 Kento-post-view-counter | 2024-10-16 | 9.8 Critical |
| The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||