Vulnerabilities (CVE)

Total 79717 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-45788 1 Reedos 1 Aim-star 2024-09-18 N/A 7.5 HIGH
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/flooding on the targeted system.
CVE-2024-8306 1 Schneider-electric 2 Vijeo Designer, Vijeo Designer Embedded In Ecostruxure Machine Expert 2024-09-18 N/A 7.8 HIGH
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries.
CVE-2024-39378 3 Adobe, Apple, Microsoft 3 Audition, Mac Os X, Windows 2024-09-18 N/A 7.8 HIGH
Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20430 1 Cisco 1 Meraki Systems Manager 2024-09-18 N/A 7.3 HIGH
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.  This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. 
CVE-2023-48171 1 Owasp 1 Defectdojo 2024-09-18 N/A 8.8 HIGH
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
CVE-2024-8749 1 I-doit 1 I-doit 2024-09-18 N/A 7.5 HIGH
SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and retrieve all the information stored in the database.
CVE-2024-41475 1 Sir 1 Gnuboard 2024-09-18 N/A 8.8 HIGH
Gnuboard g6 6.0.7 is vulnerable to Session hijacking due to a CORS misconfiguration.
CVE-2024-42485 1 Pxlrbt 1 Filament Excel 2024-09-18 N/A 7.5 HIGH
Filament Excel enables excel export for Filament admin resources. The export download route `/filament-excel/{path}` allowed downloading any file without login when the webserver allows `../` in the URL. Patched with Version v2.3.3.
CVE-2024-8012 1 Ivanti 1 Workspace Control 2024-09-18 N/A 7.8 HIGH
An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
CVE-2024-44107 1 Ivanti 1 Workspace Control 2024-09-18 N/A 7.8 HIGH
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution.
CVE-2024-44106 1 Ivanti 1 Workspace Control 2024-09-18 N/A 7.8 HIGH
Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
CVE-2024-44105 1 Ivanti 1 Workspace Control 2024-09-18 N/A 7.8 HIGH
Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials.
CVE-2024-44104 1 Ivanti 1 Workspace Control 2024-09-18 N/A 7.8 HIGH
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
CVE-2024-45041 1 External-secrets 1 External Secrets Operator 2024-09-18 N/A 8.8 HIGH
External Secrets Operator is a Kubernetes operator that integrates external secret management systems. The external-secrets has a deployment called default-external-secrets-cert-controller, which is bound with a same-name ClusterRole. This ClusterRole has "get/list" verbs of secrets resources. It also has path/update verb of validatingwebhookconfigurations resources. This can be used to abuse the SA token of the deployment to retrieve or get ALL secrets in the whole cluster, capture and log all data from requests attempting to update Secrets, or make a webhook deny all Pod create and update requests. This vulnerability is fixed in 0.10.2.
CVE-2024-44103 1 Ivanti 1 Workspace Control 2024-09-18 N/A 7.8 HIGH
DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges.
CVE-2024-39641 1 Thimpress 1 Learnpress 2024-09-18 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.6.8.2.
CVE-2024-39645 1 Themeum 1 Tutor Lms 2024-09-18 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.
CVE-2024-39657 1 Sender 1 Sender 2024-09-18 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.18.
CVE-2024-43116 1 10up 1 Simple Local Avatars 2024-09-18 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10.
CVE-2024-43117 1 Wpmudev 1 Hummingbird 2024-09-18 N/A 8.8 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1.