Total: 27051 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-44430 | 1 Mayurik | 1 Best Free Law Office Management | 2024-09-19 | N/A | 9.8 CRITICAL | SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface.
CVE-2021-38132 | 1 Microfocus | 1 Edirectory | 2024-09-18 | N/A | 9.8 CRITICAL | A possible External Service Interaction attack has been discovered in OpenText™ eDirectory. This impacts all versions before 9.2.6.0000.
CVE-2024-27115 | 1 Soplanning | 1 Soplanning | 2024-09-18 | N/A | 9.8 CRITICAL | An unauthenticated Remote Code Execution (RCE) vulnerability was found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before any requirements are verified. This leads to the possibility of code execution on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02.
CVE-2024-27113 | 1 Soplanning | 1 Soplanning | 2024-09-18 | N/A | 9.8 CRITICAL | An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability has been remediated in version 1.52.02.
CVE-2024-27112 | 1 Soplanning | 1 Soplanning | 2024-09-18 | N/A | 9.8 CRITICAL | An unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02.
CVE-2024-45790 | 1 Reedos | 1 Aim-star | 2024-09-18 | N/A | 9.8 CRITICAL | This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions on excessive failed authentication attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to unauthorized access and compromise of other user accounts.
CVE-2024-8517 | 1 Spip | 1 Spip | 2024-09-18 | N/A | 9.8 CRITICAL | SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
CVE-2024-8611 | 1 Angeljudesuarez | 1 Tailoring Management System | 2024-09-18 | 6.5 MEDIUM | 9.8 CRITICAL | A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file ssms.php. The manipulation of the argument customer leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-37234 | 1 Loftware | 1 Spectrum | 2024-09-18 | N/A | 9.8 CRITICAL | Loftware Spectrum through 4.6 has an unprotected JMX Registry.
CVE-2024-37995 | 1 Siemens | 54 Simatic Reader Rf610r Cmiit, Simatic Reader Rf610r Cmiit Firmware, Simatic Reader Rf610r Etsi and 51 more | 2024-09-18 | N/A | 9.1 CRITICAL | A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application improperly handles errors during a faulty certificate upload, leading to a crash of the application. This vulnerability could allow an attacker to disclose sensitive information.
CVE-2024-45695 | 1 Dlink | 2 Dir-x4860, Dir-x4860 Firmware | 2024-09-17 | N/A | 9.8 CRITICAL | The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to execute arbitrary code on the device.
CVE-2024-45694 | 1 Dlink | 4 Dir-x4860, Dir-x4860 Firmware, Dir-x5460 and 1 more | 2024-09-17 | N/A | 9.8 CRITICAL | The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to execute arbitrary code on the device.
CVE-2024-40643 | 1 Joplin Project | 1 Joplin | 2024-09-17 | N/A | 9.6 CRITICAL | Joplin is a free, open source note-taking and to-do application. Joplin fails to take into account that "<" followed by a non-letter character will not be considered HTML. As such, it is possible to perform an XSS by putting an "illegal" tag within a tag.
CVE-2024-38194 | 1 Microsoft | 1 Azure Web Apps | 2024-09-17 | N/A | 9.9 CRITICAL | An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.
CVE-2024-38216 | 1 Microsoft | 1 Azure Stack Hub | 2024-09-17 | N/A | 9.0 CRITICAL | Azure Stack Hub Elevation of Privilege Vulnerability
CVE-2024-38220 | 1 Microsoft | 1 Azure Stack Hub | 2024-09-17 | N/A | 9.0 CRITICAL | Azure Stack Hub Elevation of Privilege Vulnerability
CVE-2024-38225 | 1 Microsoft | 1 Dynamics 365 Business Central | 2024-09-17 | N/A | 9.8 CRITICAL | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
CVE-2024-38240 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-09-17 | N/A | 9.8 CRITICAL | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2024-6919 | 1 Nac | 1 Nacpremium | 2024-09-17 | N/A | 9.8 CRITICAL | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection. This issue affects NACPremium: through 01082024.
CVE-2024-7314 | 1 Anji-plus | 1 Report | 2024-09-17 | N/A | 9.8 CRITICAL | anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server.