Total: 277647 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-5849 | 1 Pepperl-fuchs | 48 Eip/modbus Firmware, Ethernet/ip Firmware, Icdm-rx/en-2db9/rj45-din and 45 more | 2024-08-22 | 7.1 High |
An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once. | ||||
CVE-2024-38502 | 1 Pepperl-fuchs | 48 Eip/modbus Firmware, Ethernet/ip Firmware, Icdm-rx/en-2db9/rj45-din and 45 more | 2024-08-22 | 7.1 High |
An unauthenticated remote attacker may use a stored XSS vulnerability to obtain information from a user or reboot the affected device once. | ||||
CVE-2024-38501 | 1 Pepperl-fuchs | 48 Eip/modbus Firmware, Ethernet/ip Firmware, Icdm-rx/en-2db9/rj45-din and 45 more | 2024-08-22 | 6.1 Medium |
An unauthenticated remote attacker may use an HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device. | ||||
CVE-2024-37287 | 1 Elastic | 1 Kibana | 2024-08-22 | 9.1 Critical |
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution. | ||||
CVE-2024-35124 | 1 Ibm | 1 Openbmc | 2024-08-22 | 7.5 High |
A vulnerability in the combination of the OpenBMC's FW1050.00 through FW1050.10, FW1030.00 through FW1030.50, and FW1020.00 through FW1020.60 default password and session management allows an attacker to gain administrative access to the BMC. IBM X-Force ID: 290674. | ||||
CVE-2024-40697 | 1 Ibm | 1 Common Licensing | 2024-08-22 | 7.5 High |
IBM Common Licensing 9.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 297895. | ||||
CVE-2024-7706 | 2 Fujian, Mainwww | 2 Mwcms, Mwcms | 2024-08-22 | 4.7 Medium |
A vulnerability was found in Fujian mwcms 1.0.0. It has been rated as critical. Affected by this issue is the function uploadimage of the file /uploadfile.html. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-7707 | 1 Tenda | 2 Fh1206, Fh1206 Firmware | 2024-08-22 | 8.8 High |
A vulnerability was found in Tenda FH1206 02.03.01.35 and classified as critical. Affected by this issue is the function formSafeEmailFilter of the file /goform/SafeEmailFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-20486 | | | 2024-08-22 | 6.5 Medium |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. | ||||
CVE-2024-43218 | | | 2024-08-22 | 6.5 Medium |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mediavine Mediavine Control Panel allows Stored XSS. This issue affects Mediavine Control Panel: from n/a through 2.10.4. | ||||
CVE-2022-48900 | | | 2024-08-22 | 5.5 Medium |
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-7263 | 2 Kingsoft, Microsoft | 2 Wps Office, Windows | 2024-08-22 | 7.8 High |
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The patch released in version 12.1.0.17119 to mitigate CVE-2024-7262 was not restrictive enough. Another parameter was not properly sanitized which leads to the execution of an arbitrary Windows library. | ||||
CVE-2024-27187 | 1 Joomla | 1 Joomla! | 2024-08-22 | 7.5 High |
Improper Access Controls allows backend users to overwrite their username when disallowed. | ||||
CVE-2024-39809 | 1 F5 | 1 Big-ip Next Central Manager | 2024-08-22 | 7.5 High |
The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2023-42667 | 1 Intel | 1 Core Ultra Processor | 2024-08-22 | 7.8 High |
Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2024-33657 | 1 Ami | 1 Aptio V | 2024-08-22 | 7.8 High |
This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks. | ||||
CVE-2024-42143 | | | 2024-08-22 | 5.1 Medium |
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-37353 | 1 Redhat | 1 Enterprise Linux | 2024-08-22 | 4.4 Medium |
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
CVE-2024-41630 | 1 Tenda | 1 Ac18 | 2024-08-21 | 7.6 High |
Stack-based buffer overflow vulnerability in Tenda AC18 V15.03.3.10_EN allows a remote attacker to execute arbitrary code via the ssid parameter at ip/goform/fast_setting_wifi_set. | ||||
CVE-2024-40480 | 2 Jayesh, Kashipara | 2 Online Exam System, Online Exam System | 2024-08-21 | 9.8 Critical |
A Broken Access Control vulnerability was found in /admin/update.php and /admin/dashboard.php in Kashipara Online Exam System v1.0, which allows remote unauthenticated attackers to view the administrator dashboard and delete valid user accounts via direct URL access. |