Total
263579 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-8947 | 1 Micropython | 1 Micropython | 2024-09-20 | 5.6 Medium |
A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.23.0 is able to address this issue. The identifier of the patch is 4bed614e707c0644c06e117f848fa12605c711cd. It is recommended to upgrade the affected component. In micropython objarray component, when a bytes object is resized and copied into itself, it may reference memory that has already been freed. | ||||
CVE-2024-8951 | 1 Sourcecodester | 1 Resort Reservation System | 2024-09-20 | 3.5 Low |
A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_fee.php. The manipulation of the argument toview leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-38183 | 1 Microsoft | 1 Groupme | 2024-09-20 | 8.8 High |
An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | ||||
CVE-2024-43460 | 1 Microsoft | 1 .dynamics 365 Business Central Online | 2024-09-20 | 8.1 High |
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network. | ||||
CVE-2024-45811 | 1 Vitejs | 1 Vite | 2024-09-20 | 4.8 Medium |
Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2024-8957 | 1 Ptzoptics | 2 Pt30x-ndi Firmware, Pt30x-sdi Firmware | 2024-09-20 | 7.2 High |
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956, a remote and unauthenticated attacker can execute arbitrary OS commands on affected devices. | ||||
CVE-2024-8907 | 2024-09-20 | N/A | ||
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium) | ||||
CVE-2024-38813 | 1 Broadcom | 2 Vmware Center Server, Vmware Cloud Foundation | 2024-09-20 | 7.5 High |
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | ||||
CVE-2024-8956 | 1 Ptzoptics | 1 Pt30x-sdi.ndi-xx | 2024-09-20 | 9.1 Critical |
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and unauthenticated attacker can leak sensitive data such as usernames, password hashes, and configurations details. Additionally, the attacker can update individual configuration values or overwrite the whole file. | ||||
CVE-2024-44051 | 2024-09-20 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.5. | ||||
CVE-2024-45451 | 2024-09-20 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Roseta allows Stored XSS.This issue affects Roseta: from n/a through 1.3.0. | ||||
CVE-2024-37985 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 23h2 | 2024-09-20 | 5.9 Medium |
Windows Kernel Information Disclosure Vulnerability | ||||
CVE-2024-43976 | 1 Superstorefinder | 1 Super Store Finder | 2024-09-20 | 9.3 Critical |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 6.9.7. | ||||
CVE-2024-43993 | 2024-09-20 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Liquido allows Stored XSS.This issue affects Liquido: from n/a through 1.0.1.2. | ||||
CVE-2024-44008 | 2024-09-20 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS.This issue affects Geo Mashup: from n/a through 1.13.12. | ||||
CVE-2024-44009 | 2024-09-20 | 7.1 High | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WC Lovers WCFM Marketplace allows Reflected XSS.This issue affects WCFM Marketplace: from n/a through 3.6.10. | ||||
CVE-2024-44047 | 2024-09-20 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IDX Broker IMPress for IDX Broker allows Stored XSS.This issue affects IMPress for IDX Broker: from n/a through 3.2.2. | ||||
CVE-2024-44064 | 2024-09-20 | 7.1 High | ||
Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS).This issue affects Like Button Rating: from n/a through 2.6.54. | ||||
CVE-2024-8768 | 1 Redhat | 1 Enterprise Linux Ai | 2024-09-20 | 7.5 High |
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service. | ||||
CVE-2024-44005 | 2024-09-20 | 6.5 Medium | ||
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wpsoul Greenshift – animation and page builder blocks allows Stored XSS.This issue affects Greenshift – animation and page builder blocks: from n/a through 9.3.7. |