Search Results (26982 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-7732 1 Secom 1 Dr.id Attendance System 2024-10-03 9.8 Critical
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents.
CVE-2024-46488 2 Asg017, Sqlite 2 Sqlite-vec, Sqlite-vec 2024-10-02 9.1 Critical
sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2024-5480 2024-10-02 10.0 Critical
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-45823 1 Rockwellautomation 1 Factorytalk Batch View 2024-10-02 8.1 High
CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication.
CVE-2024-0132 2 Linux, Nvidia 5 Linux Kernel, Container Toolkit, Gpu Operator and 2 more 2024-10-02 9 Critical
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVE-2024-6593 1 Watchguard 1 Authentication Gateway 2024-10-01 9.1 Critical
Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with network access to execute restricted management commands. This issue affects Authentication Gateway: through 12.10.2.
CVE-2024-8888 1 Circutor 3 Circutor Q Smt, Q-smt, Q-smt Firmware 2024-10-01 10 Critical
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captures, locally stored web information, etc.
CVE-2024-8887 1 Circutor 3 Circutor Q Smt, Q-smt, Q-smt Firmware 2024-10-01 10 Critical
CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device.
CVE-2024-8940 1 Scriptcase 1 Scriptcase 2024-10-01 10 Critical
Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly verifying user input.
CVE-2024-43693 1 Doverfuelingsolutions 6 Maglink Lx4 Console, Maglink Lx Console, Progauge Maglink Lx4 Console and 3 more 2024-10-01 10 Critical
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands.
CVE-2024-43692 1 Doverfuelingsolutions 6 Maglink Lx4 Console, Maglink Lx Console, Progauge Maglink Lx4 Console and 3 more 2024-10-01 9.8 Critical
An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.
CVE-2024-45066 1 Doverfuelingsolutions 6 Maglink Lx4 Console, Maglink Lx Console, Progauge Maglink Lx4 Console and 3 more 2024-10-01 10 Critical
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.
CVE-2024-43423 1 Doverfuelingsolutions 6 Maglink Lx4 Console, Maglink Lx Console, Progauge Maglink Lx4 Console and 3 more 2024-10-01 9.8 Critical
The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.
CVE-2024-6596 2 Endress, Endress\+hauser 17 Echo Curve Viewer, Field Xpert Smt50, Field Xpert Smt50 Firmware and 14 more 2024-10-01 9.8 Critical
An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.
CVE-2024-45861 2 Kastle, Kastlesystems 3 Access Control System, Access Control System Firmware, Access Control System Firmware 2024-09-30 7.5 High
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information.
CVE-2024-6800 1 Github 1 Enterprise Server 2024-09-30 9.8 Critical
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation metadata XML. This vulnerability allowed an attacker with direct network access to GitHub Enterprise Server to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.14 and was fixed in versions 3.13.3, 3.12.8, 3.11.14, and 3.10.16. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2024-47066 1 Lobehub 1 Lobe Chat 2024-09-30 9 Critical
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/api/proxy/route.ts` does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address. Version 1.19.13 contains an improved fix for the issue.
CVE-2024-9148 1 Flowiseai 2 Embed, Flowise 2024-09-30 9.6 Critical
Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.
CVE-2024-8606 1 Checkmk 1 Checkmk 2024-09-30 8.8 High
Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication
CVE-2024-0005 1 Purestorage 4 Flasharray, Flashblade, Purity\/\/fa and 1 more 2024-09-27 9.1 Critical
A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.