Total
82350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-44270 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 8.6 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2024-42011 | 2024-10-30 | N/A | 7.5 HIGH | ||
| The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat. | |||||
| CVE-2024-44255 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-10-30 | N/A | 7.8 HIGH |
| A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to run arbitrary shortcuts without user consent. | |||||
| CVE-2024-47169 | 1 Agnai | 1 Agnai | 2024-10-30 | N/A | 8.8 HIGH |
| Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. This does affect publicly hosted installs without S3-compatible storage. Version 1.0.330 fixes this vulnerability. | |||||
| CVE-2019-25213 | 1 Vasyltech | 1 Advanced Access Manager | 2024-10-30 | N/A | 7.5 HIGH |
| The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php | |||||
| CVE-2020-26311 | 1 Useragent Project | 1 Useragent | 2024-10-30 | N/A | 7.5 HIGH |
| Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no patches are available. | |||||
| CVE-2021-4450 | 1 Pickplugins | 1 Post Grid | 2024-10-30 | N/A | 8.8 HIGH |
| The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, and including, 2.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level permissions and above to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2021-4451 | 1 Nintechnet | 1 Ninjafirewall | 2024-10-30 | N/A | 7.2 HIGH |
| The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable software is present (WordPress, and NinjaFirewall). | |||||
| CVE-2024-8383 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-10-30 | N/A | 7.5 HIGH |
| Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. | |||||
| CVE-2024-8382 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-10-30 | N/A | 8.8 HIGH |
| Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. | |||||
| CVE-2024-44218 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-10-30 | N/A | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. Processing a maliciously crafted file may lead to heap corruption. | |||||
| CVE-2024-50071 | 1 Linux | 1 Linux Kernel | 2024-10-30 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func() 'new_map' is allocated using devm_* which takes care of freeing the allocated data on device removal, call to .dt_free_map = pinconf_generic_dt_free_map double frees the map as pinconf_generic_dt_free_map() calls pinctrl_utils_free_map(). Fix this by using kcalloc() instead of auto-managed devm_kcalloc(). | |||||
| CVE-2024-44289 | 1 Apple | 1 Macos | 2024-10-30 | N/A | 7.5 HIGH |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to read sensitive location information. | |||||
| CVE-2022-4972 | 1 Wpchill | 1 Download Monitor | 2024-10-30 | N/A | 7.5 HIGH |
| The Download Monitor plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST-API routes related to reporting in versions up to, and including, 4.7.51. This makes it possible for unauthenticated attackers to view user data and other sensitive information intended for administrators. | |||||
| CVE-2024-10353 | 1 Oretnom23 | 1 Online Exam System | 2024-10-30 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /admin-dashboard. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This affects a different product and is a different issue than CVE-2024-40480. | |||||
| CVE-2024-47904 | 1 Siemens | 3 Intermesh 7177 Hybrid 2.0 Subscriber, Intermesh 7707 Fire Subscriber, Intermesh 7707 Fire Subscriber Firmware | 2024-10-30 | N/A | 7.8 HIGH |
| A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The affected devices contain a SUID binary that could allow an authenticated local attacker to execute arbitrary commands with root privileges. | |||||
| CVE-2024-3980 | 1 Hitachienergy | 2 Microscada Pro Sys600, Microscada X Sys600 | 2024-10-30 | N/A | 8.8 HIGH |
| The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application. | |||||
| CVE-2024-3982 | 1 Hitachienergy | 1 Microscada X Sys600 | 2024-10-30 | N/A | 8.2 HIGH |
| An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session. By default, the session logging level is not enabled and only users with administrator rights can enable it. | |||||
| CVE-2024-4872 | 1 Hitachienergy | 2 Microscada Pro Sys600, Microscada X Sys600 | 2024-10-30 | N/A | 8.8 HIGH |
| A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential. | |||||
| CVE-2024-10290 | 1 Zzcms | 1 Zzcms | 2024-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||