Total 18193 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-45169 1 Uci 1 Idol 2 2024-08-22 9.8 Critical
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution via the \xB0\x00\x3c byte sequence.
CVE-2024-45163 1 Mirai 1 Botnet 2024-08-22 9.1 Critical
The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data.
CVE-2024-7746 1 Traccar 2 Server, Traccar 2024-08-22 9.8 Critical
Use of Default Credentials vulnerability in Tananaev Solutions Traccar Server on Administrator Panel modules allows Authentication Abuse.This issue affects the privileged transactions implemented by the Traccar solution that should otherwise be protected by the authentication mechanism.  These transactions could have an impact on any sensitive aspect of the platform, including Confidentiality, Integrity and Availability.
CVE-2024-7731 1 Secom 1 Dr.id Access Control 2024-08-22 9.8 Critical
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
CVE-2024-45168 1 Uci 1 Idol 2 2024-08-22 9.1 Critical
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred over a raw socket without any authentication mechanism. Thus, communication endpoints are not verifiable.
CVE-2024-45166 1 Uci 1 Idol 2 2024-08-22 9.8 Critical
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. There is an access violation and EIP overwrite after five logins.
CVE-2024-42573 2 Arajajyothibabu, School Management System Project 2 School Management System, School Management System 2024-08-22 9.8 Critical
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php.
CVE-2024-43311 1 Geek Code Lab 1 Login As Users 2024-08-22 9.8 Critical
Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege Escalation.This issue affects Login As Users: from n/a through 1.4.2.
CVE-2024-43400 1 Xwiki 2 Xwiki, Xwiki-platform 2024-08-22 9.1 Critical
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineer to trick a user to follow the URL. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0.
CVE-2024-37287 1 Elastic 1 Kibana 2024-08-22 9.1 Critical
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.
CVE-2024-40480 2 Jayesh, Kashipara 2 Online Exam System, Online Exam System 2024-08-21 9.8 Critical
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access.
CVE-2024-39791 1 Vonets 28 Vap11ac, Vap11ac Firmware, Vap11g and 25 more 2024-08-21 10 Critical
Stack-based buffer overflow vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to execute arbitrary code.
CVE-2024-39815 1 Vonets 28 Vap11ac, Vap11ac Firmware, Vap11g and 25 more 2024-08-21 9.1 Critical
Improper check or handling of exceptional conditions vulnerability affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an unauthenticated remote attacker to cause a denial of service. A specially-crafted HTTP request to pre-authentication resources can crash the service.
CVE-2024-37023 1 Vonets 28 Vap11ac, Vap11ac Firmware, Vap11g and 25 more 2024-08-21 9.1 Critical
Multiple OS command injection vulnerabilities affecting Vonets industrial wifi bridge relays and wifi bridge repeaters, software versions 3.3.23.6.9 and prior, enable an authenticated remote attacker to execute arbitrary OS commands via various endpoint parameters.
CVE-2024-20083 1 Mediatek 24 Mt6765, Mt6768, Mt6779 and 21 more 2024-08-21 9.8 Critical
In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALPS08805789; Issue ID: MSV-1502.
CVE-2024-28000 1 Litespeedtech 1 Litespeed Cache 2024-08-21 9.8 Critical
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.
CVE-2024-42572 1 Arajajyothibabu 1 School Management System 2024-08-21 9.8 Critical
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at unitmarks.php.
CVE-2024-42563 1 Jerryhanjj 1 Erp 2024-08-21 9.8 Critical
An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file.
CVE-2024-42556 1 Vaibhavverma9999 1 Hotel Management System 2024-08-21 9.8 Critical
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php.
CVE-2024-30949 1 Newlib Project 1 Newlib 2024-08-21 9.8 Critical
An issue in newlib v.4.3.0 allows an attacker to execute arbitrary code via the time unit scaling in the _gettimeofday function.