Total
26137 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44849 | 2024-09-09 | N/A | 9.8 CRITICAL | ||
| Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php. | |||||
| CVE-2024-39714 | 2024-09-09 | N/A | 9.9 CRITICAL | ||
| A code injection vulnerability that permits a low-privileged user to upload arbitrary files to the server, leading to remote code execution on VSPC server. | |||||
| CVE-2024-38650 | 2024-09-09 | N/A | 9.9 CRITICAL | ||
| An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server. | |||||
| CVE-2022-33162 | 1 Ibm | 2 Security Directory Integrator, Security Verify Directory Integrator | 2024-09-07 | N/A | 9.8 CRITICAL |
| IBM Security Directory Integrator 7.2.0 and Security Verify Directory Integrator 10.0.0 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources, at the privilege level of a standard unprivileged user. IBM X-Force ID: 228570. | |||||
| CVE-2024-7454 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-09-07 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is the function patient_name of the file patients.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273548. | |||||
| CVE-2024-45307 | 1 Onesoftnet | 1 Sudobot | 2024-09-07 | N/A | 9.8 CRITICAL |
| SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the `-config` command in versions prior to 9.26.7. Anyone is theoretically able to update any configuration of the bot and potentially gain control over the bot's settings. Every version of v9 before v9.26.7 is affected. Other versions (e.g. v8) are not affected. Users should upgrade to version 9.26.7 to receive a patch. A workaround would be to create a command permission overwrite in the Database. A SQL statement provided in the GitHub Security Advisor can be executed to create a overwrite that disallows users without `ManageGuild` permission to run the `-config` command. Run the SQL statement for every server the bot is in, and replace `<guild_id>` with the appropriate Guild ID each time. | |||||
| CVE-2024-8255 | 1 Deltaww | 1 Dtn Soft | 2024-09-06 | N/A | 9.8 CRITICAL |
| Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. | |||||
| CVE-2024-7720 | 1 Hp | 1 Security Manager | 2024-09-06 | N/A | 9.8 CRITICAL |
| HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries. | |||||
| CVE-2024-7569 | 1 Ivanti | 1 Neurons For Itsm | 2024-09-06 | N/A | 9.8 CRITICAL |
| An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information. | |||||
| CVE-2024-45158 | 2024-09-06 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.) | |||||
| CVE-2024-45758 | 2024-09-06 | N/A | 9.1 CRITICAL | ||
| H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connection_url property with any typical JDBC Connection URL attack payload such as one that uses queryInterceptors. | |||||
| CVE-2024-42783 | 1 Lopalopa | 1 Music Management System | 2024-09-06 | N/A | 9.8 CRITICAL |
| Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the "pid" parameter. | |||||
| CVE-2024-6459 | 2024-09-06 | N/A | 9.8 CRITICAL | ||
| The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files. | |||||
| CVE-2024-42919 | 2024-09-06 | N/A | 9.8 CRITICAL | ||
| eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVReport. | |||||
| CVE-2024-8387 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-09-06 | N/A | 9.8 CRITICAL |
| Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. | |||||
| CVE-2024-8385 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-09-06 | N/A | 9.8 CRITICAL |
| A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. | |||||
| CVE-2024-8384 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-09-06 | N/A | 9.8 CRITICAL |
| The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. | |||||
| CVE-2024-8381 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-09-06 | N/A | 9.8 CRITICAL |
| A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. | |||||
| CVE-2024-43240 | 1 Wpindeed | 1 Ultimate Membership Pro | 2024-09-06 | N/A | 9.8 CRITICAL |
| Improper Privilege Management vulnerability in azzaroco Ultimate Membership Pro allows Privilege Escalation.This issue affects Ultimate Membership Pro: from n/a through 12.6. | |||||
| CVE-2024-43242 | 1 Wpindeed | 1 Ultimate Membership Pro | 2024-09-06 | N/A | 10.0 CRITICAL |
| Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection.This issue affects Ultimate Membership Pro: from n/a through 12.6. | |||||