Total
263518 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38161 | 1 Microsoft | 13 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 10 more | 2024-09-19 | 6.8 Medium |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | ||||
| CVE-2024-38160 | 1 Microsoft | 2 Windows 10 1607, Windows Server 2016 | 2024-09-19 | 9.1 Critical |
| Windows Network Virtualization Remote Code Execution Vulnerability | ||||
| CVE-2024-38159 | 1 Microsoft | 2 Windows 10 1607, Windows Server 2016 | 2024-09-19 | 9.1 Critical |
| Windows Network Virtualization Remote Code Execution Vulnerability | ||||
| CVE-2024-38123 | 1 Microsoft | 2 Windows 11 24h2, Windows 11 24h2 | 2024-09-19 | 4.4 Medium |
| Windows Bluetooth Driver Information Disclosure Vulnerability | ||||
| CVE-2024-38108 | 1 Microsoft | 1 Azure Stack Hub | 2024-09-19 | 9.3 Critical |
| Azure Stack Hub Spoofing Vulnerability | ||||
| CVE-2024-43144 | 1 Stylemixthemes | 1 Cost Calculator Builder | 2024-09-19 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes Cost Calculator Builder allows SQL Injection.This issue affects Cost Calculator Builder: from n/a through 3.2.15. | ||||
| CVE-2024-43917 | 1 Templateinvaders | 1 Ti Woocommerce Wishlist | 2024-09-19 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2. | ||||
| CVE-2024-43922 | 1 Nitropack | 1 Nitropack | 2024-09-19 | 4.8 Medium |
| Improper Control of Generation of Code ('Code Injection') vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7. | ||||
| CVE-2024-45696 | 1 Dlink | 4 Covr-x1870, Covr-x1870 Firmware, Dir-x4860 and 1 more | 2024-09-19 | 8.8 High |
| Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device. | ||||
| CVE-2024-45697 | 1 Dlink | 3 Dir-4860 A1, Dir-x4860, Dir-x4860 Firmware | 2024-09-19 | 9.8 Critical |
| Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials. | ||||
| CVE-2024-45698 | 1 Dlink | 3 Dir-4860 A1, Dir-x4860, Dir-x4860 Firmware | 2024-09-19 | 8.8 High |
| Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. | ||||
| CVE-2023-40920 | 1 Prixan | 1 Prixanconnect | 2024-09-19 | 9.8 Critical |
| Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts(). | ||||
| CVE-2023-26237 | 1 Watchguard | 8 Edr, Edr Firmware, Epdr and 5 more | 2024-09-19 | 6.7 Medium |
| An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM. | ||||
| CVE-2024-9004 | 2024-09-19 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in D-Link DAR-7000 up to 20240912. Affected is an unknown function of the file /view/DBManage/Backup_Server_commit.php. The manipulation of the argument host leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-9003 | 2024-09-19 | 4.3 Medium | ||
| A vulnerability was found in Jinan Chicheng Company JFlow 2.0.0. It has been rated as problematic. This issue affects the function AttachmentUploadController of the file /WF/Ath/EntityMutliFile_Load.do of the component Attachment Handler. The manipulation of the argument oid leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-43496 | 1 Microsoft | 1 Edge Chromium | 2024-09-19 | 6.5 Medium |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2024-43489 | 1 Microsoft | 1 Edge Chromium | 2024-09-19 | 6.5 Medium |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2024-38221 | 1 Microsoft | 1 Edge Chromium | 2024-09-19 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2022-46869 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2024-09-19 | 7.8 High |
| Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278. | ||||
| CVE-2024-25023 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-09-19 | 6.2 Medium |
| IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429. | ||||