Total 277647 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-5849 1 Pepperl-fuchs 48 Eip\/modbus Firmware, Ethernet\/ip Firmware, Icdm-rx\/en-2db9\/rj45-din and 45 more 2024-08-22 7.1 High
An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once.
CVE-2024-38502 1 Pepperl-fuchs 48 Eip\/modbus Firmware, Ethernet\/ip Firmware, Icdm-rx\/en-2db9\/rj45-din and 45 more 2024-08-22 7.1 High
An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once.
CVE-2024-38501 1 Pepperl-fuchs 48 Eip\/modbus Firmware, Ethernet\/ip Firmware, Icdm-rx\/en-2db9\/rj45-din and 45 more 2024-08-22 6.1 Medium
An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device.
CVE-2024-37287 1 Elastic 1 Kibana 2024-08-22 9.1 Critical
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution.
CVE-2024-35124 1 Ibm 1 Openbmc 2024-08-22 7.5 High
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allow an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674.
CVE-2024-40697 1 Ibm 1 Common Licensing 2024-08-22 7.5 High
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895.
CVE-2024-7706 2 Fujian, Mainwww 2 Mwcms, Mwcms 2024-08-22 4.7 Medium
A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-7707 1 Tenda 2 Fh1206, Fh1206 Firmware 2024-08-22 8.8 High
A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-20486 2024-08-22 6.5 Medium
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user.
CVE-2024-43218 2024-08-22 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mediavine Mediavine Control Panel allows Stored XSS.This issue affects Mediavine Control Panel: from n/a through 2.10.4.
CVE-2022-48900 2024-08-22 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-7263 2 Kingsoft, Microsoft 2 Wps Office, Windows 2024-08-22 7.8 High
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library.
CVE-2024-27187 1 Joomla 1 Joomla\! 2024-08-22 7.5 High
Improper Access Controls allows backend users to overwrite their username when disallowed.
CVE-2024-39809 1 F5 1 Big-ip Next Central Manager 2024-08-22 7.5 High
The Central Manager user session refresh token does not expire when a user logs out.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2023-42667 1 Intel 1 Core Ultra Processor 2024-08-22 7.8 High
Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-33657 1 Ami 1 Aptio V 2024-08-22 7.8 High
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks.
CVE-2024-42143 2024-08-22 5.1 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-37353 1 Redhat 1 Enterprise Linux 2024-08-22 4.4 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-41630 1 Tenda 1 Ac18 2024-08-21 7.6 High
Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set.
CVE-2024-40480 2 Jayesh, Kashipara 2 Online Exam System, Online Exam System 2024-08-21 9.8 Critical
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view administrator dashboard and delete valid user accounts via the direct URL access.