Vulnerabilities (CVE)

Total 79826 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-34658 1 Samsung 1 Notes 2024-09-05 N/A 7.1 HIGH
Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR.
CVE-2024-8330 1 6shr System Project 1 6shr System 2024-09-05 N/A 8.8 HIGH
6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server.
CVE-2024-8329 1 6shr System Project 1 6shr System 2024-09-05 N/A 8.8 HIGH
6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL command to read, modify, and delete database contents.
CVE-2024-7262 2 Kingsoft, Microsoft 2 Wps Office, Windows 2024-09-05 N/A 7.8 HIGH
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the form of a deceptive spreadsheet document
CVE-2024-34660 1 Samsung 1 Notes 2024-09-05 N/A 7.8 HIGH
Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.
CVE-2024-8102 1 Wpextended 1 Wp Extended 2024-09-05 N/A 8.8 HIGH
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the module_all_toggle_ajax() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVE-2024-45050 2024-09-05 N/A 7.1 HIGH
Ringer server is the server code for the Ringer messaging app. Prior to version 1.3.1, there is an issue with the messages loading route where Ringer Server does not check to ensure that the user loading the conversation is actually a member of that conversation. This allows any user with a Lif Account to load any conversation between two users without permission. This issue had been patched in version 1.3.1. There is no action required for users. Lif Platforms will update their servers with the patch.
CVE-2024-39825 1 Zoom 4 Rooms, Workplace, Workplace Desktop and 1 more 2024-09-04 N/A 8.5 HIGH
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2024-38868 1 Zohocorp 1 Manageengine Endpoint Central 2024-09-04 N/A 8.3 HIGH
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15
CVE-2024-7927 1 Zzcms 1 Zzcms 2024-09-04 7.5 HIGH 7.5 HIGH
A vulnerability classified as critical was found in ZZCMS 2023. Affected by this vulnerability is an unknown functionality of the file /admin/class.php?dowhat=modifyclass. The manipulation of the argument skin[] leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-7926 1 Zzcms 1 Zzcms 2024-09-04 7.5 HIGH 7.5 HIGH
A vulnerability classified as critical has been found in ZZCMS 2023. Affected is an unknown function of the file /admin/about_edit.php?action=modify. The manipulation of the argument skin leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-39776 1 Avtecinc 3 Outpost 0810, Outpost 0810 Firmware, Outpost Uploader Utility 2024-09-04 N/A 7.5 HIGH
Avtec Outpost stores sensitive information in an insecure location without proper access controls in place.
CVE-2024-42418 1 Avtecinc 3 Outpost 0810, Outpost 0810 Firmware, Outpost Uploader Utility 2024-09-04 N/A 7.5 HIGH
Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.
CVE-2024-7745 1 Progress 1 Ws Ftp Server 2024-09-04 N/A 8.1 HIGH
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
CVE-2024-7871 1 Easytest Online Test Platform Project 1 Easytest Online Test Platform 2024-09-04 N/A 8.8 HIGH
SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter.
CVE-2024-41144 1 Mattermost 1 Mattermost Server 2024-09-04 N/A 7.1 HIGH
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly validate synced posts, when shared channels are enabled,  which allows a malicious remote to create/update/delete arbitrary posts in arbitrary channels
CVE-2024-33038 1 Qualcomm 90 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 87 more 2024-09-04 N/A 7.8 HIGH
Memory corruption while passing untrusted/corrupted pointers from DSP to EVA.
CVE-2024-33045 1 Qualcomm 360 Ar8035, Ar8035 Firmware, Csra6620 and 357 more 2024-09-04 N/A 7.8 HIGH
Memory corruption when BTFM client sends new messages over Slimbus to ADSP.
CVE-2024-33048 1 Qualcomm 378 Ar8035, Ar8035 Firmware, Csr8811 and 375 more 2024-09-04 N/A 7.5 HIGH
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
CVE-2024-33051 1 Qualcomm 578 315 5g Iot, 315 5g Iot Firmware, 9206 Lte and 575 more 2024-09-04 N/A 7.5 HIGH
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.