Total
277658 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-6983 | 1 Mudler | 1 Localai | 2024-09-30 | N/A |
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the attacker gaining full control over the system. | ||||
CVE-2024-46331 | 1 Modstart | 1 Modstartcms | 2024-09-30 | 7.2 High |
ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. This vulnerability allows attackers to redirect users to an arbitrary website via a crafted URL. | ||||
CVE-2024-46471 | 1 Codeastro | 1 Membership Management System | 2024-09-30 | 7.5 High |
The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information. | ||||
CVE-2024-6981 | 1 Omntec | 1 Proteus Tank Monitoring | 2024-09-30 | 9.8 Critical |
OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication. | ||||
CVE-2024-46472 | 1 Codeastro | 1 Membership Management System | 2024-09-30 | 8.6 High |
CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page. | ||||
CVE-2024-9276 | 1 Tmsoft | 1 Myauthgateway | 2024-09-30 | 3.5 Low |
A vulnerability classified as problematic has been found in TMsoft MyAuth Gateway 3. Affected is an unknown function of the file /index.php. The manipulation of the argument console/nocache/cmd leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-40512 | 1 Openpetra | 1 Openpetra | 2024-09-30 | 7.3 High |
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function. | ||||
CVE-2024-8310 | 1 Opwglobal | 1 Sitesentinel Firmware | 2024-09-30 | 9.8 Critical |
OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges. | ||||
CVE-2024-22170 | 1 Westerndigital | 10 My Cloud Dl2100 Firmware, My Cloud Dl4100 Firmware, My Cloud Ex2100 Firmware and 7 more | 2024-09-30 | N/A |
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers. This issue affects My Cloud: before 5.29.102. | ||||
CVE-2024-25411 | 1 Flatpress | 1 Flatpress | 2024-09-30 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php. | ||||
CVE-2024-3373 | 1 Rsm Design | 1 Web Template | 2024-09-30 | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RSM Design Website Template allows SQL Injection. This issue affects Website Template: before 1.2. | ||||
CVE-2024-39364 | | | 2024-09-30 | 6.3 Medium |
Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent via a simple HTTP request and are executed by the device automatically, without discrimination of origin or level of privileges of the user sending the commands. | ||||
CVE-2024-40511 | 1 Openpetra | 1 Openpetra | 2024-09-30 | 7.3 High |
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function. | ||||
CVE-2024-45744 | 1 Topquadrant | 1 Topbraid Edg | 2024-09-30 | 3 Low |
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properties and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. | ||||
CVE-2024-45745 | | | 2024-09-30 | 5 Medium |
TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 (bug fix: TBS-6721). | ||||
CVE-2024-45773 | 1 Facebook | 1 Thrift | 2024-09-30 | 7.5 High |
A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00. | ||||
CVE-2024-45863 | 1 Facebook | 1 Thrift | 2024-09-30 | 5.3 Medium |
A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00. | ||||
CVE-2024-46097 | 1 Testlink | 1 Testlink | 2024-09-30 | 8.1 High |
TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplan_id parameter to another ID. The application does not carry out a check on the user's permissions, making it possible to recover the IDs of all the TestPlans (even the administrative ones) and modify them even with minimal privileges. | ||||
CVE-2024-46333 | 1 Piwigo | 1 Piwigo | 2024-09-30 | 4.8 Medium |
An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function. | ||||
CVE-2024-46470 | 1 Codeastro | 1 Membership Management System | 2024-09-30 | 6.1 Medium |
Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component. |