Total
78321 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23489 | 1 Intel | 1 Virtual Raid On Cpu | 2024-09-12 | N/A | 7.3 HIGH |
| Uncontrolled search path for some Intel(R) VROC software before version 8.6.0.1191 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-34019 | 1 Acronis | 1 Snap Deploy | 2024-09-12 | N/A | 7.3 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. | |||||
| CVE-2024-34017 | 1 Acronis | 1 Snap Deploy | 2024-09-12 | N/A | 7.3 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. | |||||
| CVE-2024-8463 | 1 Phpgurukul | 1 Job Portal | 2024-09-12 | N/A | 8.8 HIGH |
| File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. | |||||
| CVE-2024-43264 | 1 Mediavine | 1 Create | 2024-09-12 | N/A | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mediavine Create by Mediavine.This issue affects Create by Mediavine: from n/a through 1.9.8. | |||||
| CVE-2024-6311 | 1 Funnelforms | 1 Funnelforms Free | 2024-09-12 | N/A | 7.2 HIGH |
| The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-8391 | 1 Eclipse | 1 Vert.x | 2024-09-12 | N/A | 7.5 HIGH |
| In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc) | |||||
| CVE-2024-42760 | 2024-09-12 | N/A | 7.5 HIGH | ||
| SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component. | |||||
| CVE-2024-43916 | 1 Dylanjkotze | 1 Zephyr Project Manager | 2024-09-12 | N/A | 7.1 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.102. | |||||
| CVE-2024-6445 | 1 Dataflowx | 1 Datadiodex | 2024-09-12 | N/A | 7.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.This issue affects DataDiodeX: from v3.0.0 before v3.1.7. | |||||
| CVE-2024-42468 | 1 Openhab | 1 Openhab | 2024-09-12 | N/A | 7.5 HIGH |
| openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This issue may lead to information disclosure. Users should upgrade to version 4.2.1 of the CometVisu add-on of openHAB to receive a patch. | |||||
| CVE-2024-45624 | 2024-09-12 | N/A | 7.5 HIGH | ||
| Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved. | |||||
| CVE-2024-4555 | 1 Microfocus | 1 Netiq Access Manager | 2024-09-12 | N/A | 7.5 HIGH |
| Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 | |||||
| CVE-2024-4556 | 1 Microfocus | 1 Netiq Access Manager | 2024-09-12 | N/A | 7.5 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1. | |||||
| CVE-2024-41173 | 1 Beckhoff | 2 Ipc Diagnostics Package, Twincat\/bsd | 2024-09-12 | N/A | 7.8 HIGH |
| The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker. | |||||
| CVE-2024-8504 | 2024-09-12 | N/A | 8.8 HIGH | ||
| An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. | |||||
| CVE-2024-7349 | 1 Lifterlms | 1 Lifterlms | 2024-09-12 | N/A | 7.2 HIGH |
| The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-28981 | 2024-09-12 | N/A | 8.5 HIGH | ||
| Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields. | |||||
| CVE-2024-44974 | 1 Linux | 1 Linux Kernel | 2024-09-12 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on. If the entry is dereferenced after the RCU unlock, reading info could cause a Use-after-Free. A simple solution is to copy the required info while inside the RCU protected section to avoid any risk of UaF later. The address ID might need to be modified later to handle the ID0 case later, so a copy seems OK to deal with. | |||||
| CVE-2024-38226 | 1 Microsoft | 2 Office, Publisher | 2024-09-12 | N/A | 7.3 HIGH |
| Microsoft Publisher Security Feature Bypass Vulnerability | |||||