Search Results (363618 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-34012 1 Acronis 1 Cloud Manager 2024-11-21 4.4 Medium
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.
CVE-2024-33933 1 Brainstormforce 1 Elementor - Header\, Footer \& Blocks Template 2024-11-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainstorm Force, Nikhil Chavan Elementor – Header, Footer & Blocks Template allows DOM-Based XSS.This issue affects Elementor – Header, Footer & Blocks Template: from n/a through 1.6.35.
CVE-2024-33897 1 Hms-networks 7 Ewon Cosy\+ 4g Apac, Ewon Cosy\+ 4g Eu, Ewon Cosy\+ 4g Jp and 4 more 2024-11-21 9.1 Critical
A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on the Talk2m production server on April 18, 2024.
CVE-2024-33881 2 Microsoft, Virtosoftware 2 Sharepoint Server, Sharepoint Bulk File Download 2024-11-21 5.3 Medium
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter.
CVE-2024-33879 2 Microsoft, Virtosoftware 2 Sharepoint Server, Sharepoint Bulk File Download 2024-11-21 9.8 Critical
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter.
CVE-2024-33700 2 Level1, Levelone 3 Wbr-6012, Wbr-6012 Firmware, Wbr-6012 2024-11-21 7.5 High
The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption.
CVE-2024-33699 2 Level1, Levelone 3 Wbr-6012, Wbr-6012 Firmware, Wbr-6012 2024-11-21 9.9 Critical
The LevelOne WBR-6012 router's web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and gain higher privileges without the current password.
CVE-2024-33654 1 Siemens 1 Simcenter Femap 2024-11-21 7.8 High
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.
CVE-2024-33653 1 Siemens 1 Simcenter Femap 2024-11-21 7.8 High
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.
CVE-2024-33626 2 Level1, Levelone 3 Wbr-6012, Wbr-6012 Firmware, Wbr-6012 2024-11-21 5.3 Medium
The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive information, such as the WiFi WPS PIN, through a hidden page accessible by an HTTP request. Disclosure of this information could enable attackers to connect to the device's WiFi network.
CVE-2024-33623 1 Level1 2 Wbr-6012, Wbr-6012 Firmware 2024-11-21 3.7 Low
A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2024-33603 2 Level1, Levelone 3 Wbr-6012, Wbr-6012 Firmware, Wbr-6012 2024-11-21 5.3 Medium
The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such as memory addresses and IP addresses for login attempts. This flaw could lead to session hijacking due to the device's reliance on IP address for authentication.
CVE-2024-33564 1 8theme 1 Xstore 2024-11-21 8.8 High
Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.
CVE-2024-33563 1 8theme 1 Xstore 2024-11-21 7.6 High
Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.
CVE-2024-33561 1 8theme 1 Xstore 2024-11-21 7.5 High
Missing Authorization vulnerability in 8theme XStore.This issue affects XStore: from n/a through 9.3.8.
CVE-2024-33555 1 8theme 1 Xstore Core 2024-11-21 8.1 High
Missing Authorization vulnerability in 8theme XStore Core.This issue affects XStore Core: from n/a through 5.3.8.
CVE-2024-33547 1 Aa-team 1 Wzone 2024-11-21 8.3 High
Missing Authorization vulnerability in AA-Team WZone.This issue affects WZone: from n/a through 14.0.10.
CVE-2024-33541 2024-11-21 6.5 Medium
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BetterAddons Better Elementor Addons allows PHP Local File Inclusion.This issue affects Better Elementor Addons: from n/a through 1.4.1.
CVE-2024-33509 1 Fortinet 1 Fortiweb 2024-11-21 4.4 Medium
An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF).
CVE-2024-33253 2 Gunet, Openeclass 2 Open Eclass Platform, Openeclass 2024-11-21 6 Medium
Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function.