Total
271851 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-26337 | 2024-11-26 | 4.3 Medium | ||
| swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c. | ||||
| CVE-2024-20308 | 2024-11-26 | 8.6 High | ||
| A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic.. | ||||
| CVE-2024-10041 | 2 Linux-pam, Redhat | 3 Linux-pam, Enterprise Linux, Rhel Eus | 2024-11-26 | 4.7 Medium |
| A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. | ||||
| CVE-2023-52048 | 2024-11-26 | 4.7 Medium | ||
| RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/notice/. | ||||
| CVE-2024-10570 | 1 Cleantalk | 1 Antispam | 2024-11-26 | 7.5 High |
| The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validation. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2023-37360 | 1 Pacparser Project | 1 Pacparser | 2024-11-26 | 5.9 Medium |
| pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products). | ||||
| CVE-2023-51708 | 1 Bentley | 2 Assetwise Alim For Transportation, Eb System Management Console | 2024-11-26 | 8.6 High |
| Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to information disclosure. This affects eB System management Console before 23.00.02.03 and Assetwise ALIM For Transportation before 23.00.01.25. | ||||
| CVE-2023-3063 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2024-11-26 | 8.8 High |
| The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts. | ||||
| CVE-2023-2834 | 1 Stylemixthemes | 1 Bookit | 2024-11-26 | 9.8 Critical |
| The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | ||||
| CVE-2024-11024 | 1 Apppresser | 1 Apppresser | 2024-11-26 | 9.8 Critical |
| The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user's email address, to reset the user's password and gain access to their account. | ||||
| CVE-2023-3478 | 1 Ibos | 1 Ibos | 2024-11-26 | 4.7 Medium |
| A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-11632 | 2 Code-projects, Fabianros | 2 Simple Car Rental System, Simple Car Rental System | 2024-11-26 | 7.3 High |
| A vulnerability was found in code-projects Simple Car Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file /book_car.php. The manipulation of the argument fname/id_no/gender/email/phone/location leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "fname" to be affected. Further analysis indicates that other arguments might be affected as well. | ||||
| CVE-2024-9928 | 1 Hitachienergy | 1 Nsd570 Firmware | 2024-11-26 | 5.3 Medium |
| A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports only one concurrent session and implements a delay of more than a second between failed login attempts making it difficult to automate the attacks. | ||||
| CVE-2024-35675 | 1 Advanced-woo-labels | 1 Advanced Woo Labels | 2024-11-26 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS).This issue affects Advanced Woo Labels: from n/a through 1.93. | ||||
| CVE-2023-22814 | 1 Westerndigital | 12 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 9 more | 2024-11-26 | 10 Critical |
| An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202. | ||||
| CVE-2016-9193 | 1 Cisco | 2 Firesight System Software, Secure Firewall Management Center | 2024-11-26 | N/A |
| A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0. | ||||
| CVE-2016-1458 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | N/A |
| The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.0.3, 5.3.1.x before 5.3.1.2, and 5.4.x before 5.4.0.1 allows remote authenticated users to increase user-account privileges via crafted HTTP requests, aka Bug ID CSCur25483. | ||||
| CVE-2016-6434 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | N/A |
| Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. | ||||
| CVE-2020-3315 | 1 Cisco | 19 1100-4g Integrated Services Router, 1100-6g Integrated Services Router, 1100-lte Integrated Services Router and 16 more | 2024-11-26 | 5.3 Medium |
| Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network. | ||||
| CVE-2020-3558 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 4.7 Medium |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting an HTTP request from a user. A successful exploit could allow the attacker to modify the HTTP request to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. | ||||