Total: 271657 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2024-38651 | | | 2024-09-09 | N/A | 8.5 HIGH | A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC server, which can lead to remote code execution on VSPC server. |
CVE-2024-40712 | | | 2024-09-09 | N/A | 7.8 HIGH | A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE). |
CVE-2024-39715 | | | 2024-09-09 | N/A | 8.5 HIGH | A code injection vulnerability that allows a low-privileged user with REST API access granted to remotely upload arbitrary files to the VSPC server using REST API, leading to remote code execution on VSPC server. |
CVE-2024-45771 | | | 2024-09-09 | N/A | 9.8 CRITICAL | RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php. |
CVE-2024-44839 | | | 2024-09-09 | N/A | 9.8 CRITICAL | RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php. |
CVE-2024-42022 | | | 2024-09-09 | N/A | 7.5 HIGH | An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. |
CVE-2024-40713 | | | 2024-09-09 | N/A | 7.8 HIGH | A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. |
CVE-2024-40709 | | | 2024-09-09 | N/A | 7.8 HIGH | A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level. |
CVE-2024-7644 | 1 Rems | 1 Leads Manager Tool | 2024-09-09 | 4.0 MEDIUM | 5.4 MEDIUM | A vulnerability was found in SourceCodester Leads Manager Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-leads.php of the component Add Leads Handler. The manipulation of the argument leads_name/phone_number leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
CVE-2024-44838 | | | 2024-09-09 | N/A | 9.8 CRITICAL | RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php. |
CVE-2024-42024 | | | 2024-09-09 | N/A | 9.1 CRITICAL | A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed. |
CVE-2024-42023 | | | 2024-09-09 | N/A | 7.8 HIGH | An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. |
CVE-2024-42021 | | | 2024-09-09 | N/A | 7.5 HIGH | An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. |
CVE-2024-40718 | | | 2024-09-09 | N/A | 8.8 HIGH | A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability. |
CVE-2024-40714 | | | 2024-09-09 | N/A | 8.3 HIGH | An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations. |
CVE-2024-38650 | | | 2024-09-09 | N/A | 9.9 CRITICAL | An authentication bypass vulnerability can allow a low-privileged attacker to access the NTLM hash of the service account on the VSPC server. |
CVE-2024-6572 | | | 2024-09-09 | N/A | 7.4 HIGH | Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic. |
CVE-2024-39718 | | | 2024-09-09 | N/A | 8.1 HIGH | An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account. |
CVE-2024-7652 | | | 2024-09-09 | N/A | 7.5 HIGH | An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. |
CVE-2024-8521 | | | 2024-09-09 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.8.1 is able to address this issue. The patch is identified as b31002cec6b71ab5f738881806bb546430ec692e. It is recommended to upgrade the affected component. |