Total: 18198 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-37226 | 1 Loftware | 1 Spectrum | 2024-09-10 | 9.8 Critical |
Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function. | ||||
CVE-2024-6342 | 1 Zyxel | 2 Nas326 Firmware, Nas542 Firmware | 2024-09-10 | 9.8 Critical |
**UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | ||||
CVE-2024-44411 | 1 D-link | 1 Di-8300 | 2024-09-10 | 9.8 Critical |
D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. | ||||
CVE-2024-45032 | 1 Siemens | 2 Industrial Edge Management Pro, Industrial Edge Management Virtual | 2024-09-10 | 10 Critical |
A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected components do not properly validate the device tokens. This could allow an unauthenticated remote attacker to impersonate other devices onboarded to the system. | ||||
CVE-2024-42500 | 1 Hp | 1 Hp-ux | 2024-09-10 | 9.3 Critical |
HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services. | ||||
CVE-2024-44849 | 1 Qualitor | 1 Qalitor | 2024-09-09 | 9.8 Critical |
Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php. | ||||
CVE-2024-44721 | 1 Seacms | 1 Seacms | 2024-09-09 | 9.8 Critical |
SeaCMS v13.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php. | ||||
CVE-2024-45771 | 1 Openrapid | 1 Rapidcms | 2024-09-09 | 9.8 Critical |
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php. | ||||
CVE-2024-44839 | 1 Openrapid | 1 Rapidcms | 2024-09-09 | 9.8 Critical |
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php. | ||||
CVE-2024-44838 | 1 Openrapid | 1 Rapidcms | 2024-09-09 | 9.8 Critical |
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php. | ||||
CVE-2024-8255 | 1 Deltaww | 2 Dtn Soft, Dtnsoft | 2024-09-06 | 9.8 Critical |
Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. | ||||
CVE-2024-7720 | 1 Hp | 1 Security Manager | 2024-09-06 | 9.8 Critical |
HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. | ||||
CVE-2024-7569 | 1 Ivanti | 1 Neurons For Itsm | 2024-09-06 | 9.6 Critical |
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information. | ||||
CVE-2024-42009 | 1 Roundcube | 1 Webmail | 2024-09-06 | 9.3 Critical |
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php. | ||||
CVE-2024-42008 | 1 Roundcube | 1 Webmail | 2024-09-06 | 9.3 Critical |
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header. | ||||
CVE-2024-37901 | 1 Xwiki | 1 Xwiki | 2024-09-06 | 10 Critical |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2. | ||||
CVE-2024-41947 | 1 Xwiki | 1 Xwiki | 2024-09-06 | 9.1 Critical |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1. | ||||
CVE-2024-45758 | 1 H2oai | 1 H2o-3 | 2024-09-06 | 9.1 Critical |
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connection_url property with any typical JDBC Connection URL attack payload such as one that uses queryInterceptors. | ||||
CVE-2024-8389 | 1 Mozilla | 1 Firefox | 2024-09-06 | 9.8 Critical |
Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130. | ||||
CVE-2024-8387 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-09-06 | 9.8 Critical |
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. |