Total 18198 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-37226 1 Loftware 1 Spectrum 2024-09-10 9.8 Critical
Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.
CVE-2024-6342 1 Zyxel 2 Nas326 Firmware, Nas542 Firmware 2024-09-10 9.8 Critical
**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request.
CVE-2024-44411 1 D-link 1 Di-8300 2024-09-10 9.8 Critical
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function.
CVE-2024-45032 1 Siemens 2 Industrial Edge Management Pro, Industrial Edge Management Virtual 2024-09-10 10 Critical
A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected components do not properly validate the device tokens. This could allow an unauthenticated remote attacker to impersonate other devices onboarded to the system.
CVE-2024-42500 1 Hp 1 Hp-ux 2024-09-10 9.3 Critical
HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services.
CVE-2024-44849 1 Qualitor 1 Qalitor 2024-09-09 9.8 Critical
Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.
CVE-2024-44721 1 Seacms 1 Seacms 2024-09-09 9.8 Critical
SeaCMS v13.1 was discovered to a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php.
CVE-2024-45771 1 Openrapid 1 Rapidcms 2024-09-09 9.8 Critical
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php.
CVE-2024-44839 1 Openrapid 1 Rapidcms 2024-09-09 9.8 Critical
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php.
CVE-2024-44838 1 Openrapid 1 Rapidcms 2024-09-09 9.8 Critical
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php.
CVE-2024-8255 1 Deltaww 2 Dtn Soft, Dtnsoft 2024-09-06 9.8 Critical
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability.
CVE-2024-7720 1 Hp 1 Security Manager 2024-09-06 9.8 Critical
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries.
CVE-2024-7569 1 Ivanti 1 Neurons For Itsm 2024-09-06 9.6 Critical
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information.
CVE-2024-42009 1 Roundcube 1 Webmail 2024-09-06 9.3 Critical
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
CVE-2024-42008 1 Roundcube 1 Webmail 2024-09-06 9.3 Critical
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.
CVE-2024-37901 1 Xwiki 1 Xwiki 2024-09-06 10 Critical
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2.
CVE-2024-41947 1 Xwiki 1 Xwiki 2024-09-06 9.1 Critical
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1.
CVE-2024-45758 1 H2oai 1 H2o-3 2024-09-06 9.1 Critical
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connection_url property with any typical JDBC Connection URL attack payload such as one that uses queryInterceptors.
CVE-2024-8389 1 Mozilla 1 Firefox 2024-09-06 9.8 Critical
Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130.
CVE-2024-8387 2 Mozilla, Redhat 9 Firefox, Firefox Esr, Thunderbird and 6 more 2024-09-06 9.8 Critical
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2.