Total
18200 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45414 | 1 Zte | 10 Zxhn E1600 Firmware, Zxhn E2603 Firmware, Zxhn E2615 Firmware and 7 more | 2024-09-20 | 9.8 Critical |
| The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checking its length. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. | ||||
| CVE-2024-45798 | 1 Arduino | 1 Arduino Core | 2024-09-20 | 10 Critical |
| arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml` workflow (`GHSL-2024-169`) and environment Variable injection (`GHSL-2024-170`). These issue have been addressed but users are advised to verify the contents of the downloaded artifacts. | ||||
| CVE-2024-46375 | 1 Best House Rental Management System | 1 Best House Rental Management System | 2024-09-20 | 9.8 Critical |
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php. | ||||
| CVE-2024-46376 | 1 Best House Rental Management System | 1 Best House Rental Management System | 2024-09-20 | 9.8 Critical |
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php. | ||||
| CVE-2024-44542 | 1 Todesk | 1 Todesk | 2024-09-20 | 9.8 Critical |
| SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter. | ||||
| CVE-2024-46374 | 1 Best House Rental Management System | 1 Best House Rental Management System | 2024-09-20 | 9.8 Critical |
| Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php. | ||||
| CVE-2024-46946 | 1 Langchain | 1 Langchain Experimental | 2024-09-20 | 9.8 Critical |
| langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 (2023-10-05). | ||||
| CVE-2024-35515 | 1 Sqlitedict | 1 Sqlitedict | 2024-09-20 | 9.8 Critical |
| Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code. | ||||
| CVE-2024-34399 | 1 Bmc | 1 Remedy Mid-tier | 2024-09-20 | 9.8 Critical |
| **UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longer supported by the maintainer and the impacted version for this vulnerability is 7.6.04 only. | ||||
| CVE-2024-40568 | 1 Bluekitchen | 1 Bluestack | 2024-09-20 | 9.8 Critical |
| Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function in the src/mesh/pb_adv.c component | ||||
| CVE-2024-46377 | 1 Sourcecodester | 1 Best House Rental Management System | 2024-09-20 | 9.8 Critical |
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php. | ||||
| CVE-2024-43144 | 1 Stylemixthemes | 1 Cost Calculator Builder | 2024-09-19 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15. | ||||
| CVE-2024-43917 | 1 Templateinvaders | 1 Ti Woocommerce Wishlist | 2024-09-19 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2. | ||||
| CVE-2024-45697 | 1 Dlink | 3 Dir-4860 A1, Dir-x4860, Dir-x4860 Firmware | 2024-09-19 | 9.8 Critical |
| Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials. | ||||
| CVE-2024-43042 | 1 Pluck-cms | 1 Pluck | 2024-09-19 | 9.8 Critical |
| Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack. | ||||
| CVE-2024-45159 | 1 Arm | 1 Mbed Tls | 2024-09-19 | 9.8 Critical |
| An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert). | ||||
| CVE-2024-8395 | 1 Flycass | 1 Flycass | 2024-09-19 | 9.8 Critical |
| FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication. | ||||
| CVE-2024-6656 | 2 Tnb Mobile Solutions, Tnbmobil | 2 Cockpit Software, Cockpit | 2024-09-19 | 9.8 Critical |
| Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.This issue affects Cockpit Software: before v2.13. | ||||
| CVE-2024-7960 | 1 Rockwellautomation | 1 Pavilion8 | 2024-09-19 | 9.1 Critical |
| The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functions they should not. | ||||
| CVE-2024-7961 | 1 Rockwellautomation | 1 Pavilion8 | 2024-09-19 | 9.8 Critical |
| A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution. | ||||