Total: 1280 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-48768 | 1 Almando | 1 Almando Control Firmware | 2024-10-15 | 7.5 High |
An issue in almando GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
CVE-2024-48776 | 1 Shelly | 1 Home Firmware | 2024-10-15 | 7.5 High |
An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
CVE-2024-48775 | 1 Starvedia | 1 Ezset Firmware | 2024-10-15 | 7.5 High |
An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
CVE-2024-48773 | 1 Wo-smart | 1 Morepro Firmware | 2024-10-15 | 7.5 High |
An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
CVE-2023-39436 | 1 Sap | 1 Supplier Relationship Management | 2024-10-15 | 5.8 Medium |
SAP Supplier Relationship Management, versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality. This information could be used to allow the attacker to specialize their attacks against SRM. | ||||
CVE-2024-22326 | 1 Ibm | 2 Ds8900f Firmware, System Storage Ds8000 Management Console Firmware | 2024-10-15 | 5 Medium |
IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. IBM X-Force ID: 279518. | ||||
CVE-2024-48777 | 1 Ledvance | 1 Smartplus Firmware | 2024-10-15 | 7.5 High |
LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
CVE-2021-34621 | 1 Properfraction | 1 Profilepress | 2024-10-15 | 9.8 Critical |
A vulnerability in the user registration component found in the ~/src/Classes/RegistrationAuth.php file of the ProfilePress WordPress plugin made it possible for users to register on sites as an administrator. This issue affects versions 3.0.0 - 3.1.3. | ||||
CVE-2023-26570 | 1 Idattend | 1 Idweb | 2024-10-15 | 7.5 High |
Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | ||||
CVE-2023-26571 | 1 Idattend | 1 Idweb | 2024-10-15 | 7.5 High |
Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. | ||||
CVE-2023-26573 | 1 Idattend | 1 Idweb | 2024-10-15 | 8.2 High |
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. | ||||
CVE-2023-26574 | 1 Idattend | 1 Idweb | 2024-10-15 | 7.5 High |
Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | ||||
CVE-2023-26575 | 1 Idattend | 1 Idweb | 2024-10-15 | 7.5 High |
Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | ||||
CVE-2023-26576 | 1 Idattend | 1 Idweb | 2024-10-15 | 7.5 High |
Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | ||||
CVE-2022-0993 | 1 Siteground | 1 Siteground Security | 2024-10-15 | 8.1 High |
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on the 2FA back-up code implementation that logs users in upon success. This affects versions up to, and including, 1.2.5. | ||||
CVE-2024-9137 | 1 Moxa | 7 Edf-g1002-bp, Edr-8010, Edr-g9004 and 4 more | 2024-10-15 | 9.4 Critical |
The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise. | ||||
CVE-2024-9522 | 1 Lagunaisw | 1 Wp Users Masquerade | 2024-10-15 | 8.8 High |
The WP Users Masquerade plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.0. This is due to incorrect authentication and capability checking in the 'ajax_masq_login' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. | ||||
CVE-2024-9164 | 1 Gitlab | 1 Gitlab | 2024-10-15 | 9.6 Critical |
An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches. | ||||
CVE-2024-3777 | 1 Ai3 | 1 Qbibot | 2024-10-14 | 9.8 Critical |
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password. | ||||
CVE-2024-26263 | 1 Ebm Technologies | 1 Risweb | 2024-10-14 | 5.3 Medium |
EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login. |