Total
82346 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30357 | 1 Ovaledge | 1 Ovaledge | 2024-10-31 | N/A | 8.8 HIGH |
| OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required. | |||||
| CVE-2022-30358 | 1 Ovaledge | 1 Ovaledge | 2024-10-31 | N/A | 8.8 HIGH |
| OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required. | |||||
| CVE-2024-48230 | 1 Funadmin | 1 Funadmin | 2024-10-31 | N/A | 7.2 HIGH |
| funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \backend\controller\auth\Auth.php. | |||||
| CVE-2024-48229 | 1 Funadmin | 1 Funadmin | 2024-10-31 | N/A | 7.2 HIGH |
| funadmin 5.0.2 has a SQL injection vulnerability in the Curd one click command mode plugin. | |||||
| CVE-2024-7783 | 1 Mintplexlabs | 1 Anythingllm | 2024-10-31 | N/A | 7.5 HIGH |
| mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of sensitive information poses significant security risks, as an attacker who gains access to the JWT can easily decode it and retrieve the password. The issue is fixed in version 1.0.3. | |||||
| CVE-2024-48223 | 1 Funadmin | 1 Funadmin | 2024-10-31 | N/A | 7.2 HIGH |
| Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist. | |||||
| CVE-2024-48222 | 1 Funadmin | 1 Funadmin | 2024-10-31 | N/A | 7.2 HIGH |
| Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit. | |||||
| CVE-2024-48218 | 1 Funadmin | 1 Funadmin | 2024-10-31 | N/A | 7.2 HIGH |
| Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list. | |||||
| CVE-2024-48226 | 1 Funadmin | 1 Funadmin | 2024-10-31 | N/A | 7.2 HIGH |
| Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield. | |||||
| CVE-2022-48999 | 1 Linux | 1 Linux Kernel | 2024-10-31 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference Gwangun Jung reported a slab-out-of-bounds access in fib_nh_match: fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_semantics.c:961 fib_table_delete+0x5f3/0xa40 linux-6.0-rc7/net/ipv4/fib_trie.c:1753 inet_rtm_delroute+0x2b3/0x380 linux-6.0-rc7/net/ipv4/fib_frontend.c:874 Separate nexthop objects are mutually exclusive with the legacy multipath spec. Fix fib_nh_match to return if the config for the to be deleted route contains a multipath spec while the fib_info is using a nexthop object. | |||||
| CVE-2024-41153 | 1 Hitachienergy | 6 Tro610, Tro610 Firmware, Tro620 and 3 more | 2024-10-31 | N/A | 7.2 HIGH |
| Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. | |||||
| CVE-2024-20420 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-31 | N/A | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization verification by the HTTP server. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to run commands as the Admin user. | |||||
| CVE-2024-44203 | 1 Apple | 1 Macos | 2024-10-31 | N/A | 7.5 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user's Photos Library. | |||||
| CVE-2024-20463 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-31 | N/A | 7.1 HIGH |
| A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the HTTP server allowing state changes in GET requests. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface on an affected device. A successful exploit could allow the attacker to make limited modifications to the configuration or reboot the device, resulting in a denial of service (DoS) condition. | |||||
| CVE-2024-50488 | 1 Priyabratasarkar | 1 Token Login | 2024-10-31 | N/A | 8.8 HIGH |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Priyabrata Sarkar Token Login allows Authentication Bypass.This issue affects Token Login: from n/a through 1.0.3. | |||||
| CVE-2024-10230 | 1 Google | 1 Chrome | 2024-10-31 | N/A | 8.8 HIGH |
| Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-10447 | 1 Projectworlds | 1 Online Time Table Generator | 2024-10-31 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack can be launched remotely. | |||||
| CVE-2024-10438 | 1 Sun.net | 1 Ehdr Ctms | 2024-10-31 | N/A | 7.5 HIGH |
| The eHRD CTMS from Sunnet has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to bypass authentication by satisfying specific conditions in order to access certain functionalities. | |||||
| CVE-2024-10439 | 1 Sun.net | 1 Ehdr Ctms | 2024-10-31 | N/A | 7.5 HIGH |
| The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user. | |||||
| CVE-2024-48427 | 1 Oretnom23 | 1 Packers And Movers Management System | 2024-10-31 | N/A | 8.8 HIGH |
| A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page=services/manage_service&id | |||||