Vulnerabilities (CVE)

Total 271657 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-38651 2024-09-09 N/A 8.5 HIGH
A code injection vulnerability can allow a low-privileged user to overwrite files on the VSPC server, which can lead to remote code execution on the VSPC server.
CVE-2024-40712 2024-09-09 N/A 7.8 HIGH
A path traversal vulnerability allows an attacker with a low-privileged account and local access to the system to perform local privilege escalation (LPE).
CVE-2024-39715 2024-09-09 N/A 8.5 HIGH
A code injection vulnerability allows a low-privileged user who has been granted REST API access to remotely upload arbitrary files to the VSPC server using the REST API, leading to remote code execution on the VSPC server.
CVE-2024-45771 2024-09-09 N/A 9.8 CRITICAL
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php.
CVE-2024-44839 2024-09-09 N/A 9.8 CRITICAL
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php.
CVE-2024-42022 2024-09-09 N/A 7.5 HIGH
An incorrect permission assignment vulnerability allows an attacker to modify product configuration files.
CVE-2024-40713 2024-09-09 N/A 7.8 HIGH
A vulnerability allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA.
CVE-2024-40709 2024-09-09 N/A 7.8 HIGH
A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level.
CVE-2024-7644 1 Rems 1 Leads Manager Tool 2024-09-09 4.0 MEDIUM 5.4 MEDIUM
A vulnerability was found in SourceCodester Leads Manager Tool 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-leads.php of the component Add Leads Handler. The manipulation of the argument leads_name/phone_number leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-44838 2024-09-09 N/A 9.8 CRITICAL
RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php.
CVE-2024-42024 2024-09-09 N/A 9.1 CRITICAL
A vulnerability allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is installed.
CVE-2024-42023 2024-09-09 N/A 7.8 HIGH
An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely.
CVE-2024-42021 2024-09-09 N/A 7.5 HIGH
An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials.
CVE-2024-40718 2024-09-09 N/A 8.8 HIGH
A server-side request forgery (SSRF) vulnerability allows a low-privileged user to perform local privilege escalation.
CVE-2024-40714 2024-09-09 N/A 8.3 HIGH
An improper TLS certificate validation vulnerability allows an attacker on the same network to intercept sensitive credentials during restore operations.
CVE-2024-38650 2024-09-09 N/A 9.9 CRITICAL
An authentication bypass vulnerability can allow a low-privileged attacker to access the NTLM hash of the service account on the VSPC server.
CVE-2024-6572 2024-09-09 N/A 7.4 HIGH
Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' in Checkmk before Checkmk 2.3.0p15, 2.2.0p33, 2.1.0p48 and 2.0.0 (EOL) allows man-in-the-middle attackers to intercept traffic.
CVE-2024-39718 2024-09-09 N/A 8.1 HIGH
An improper input validation vulnerability allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.
CVE-2024-7652 2024-09-09 N/A 7.5 HIGH
An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
CVE-2024-8521 2024-09-09 5.0 MEDIUM 4.3 MEDIUM
A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.8.1 addresses this issue. The patch is identified as b31002cec6b71ab5f738881806bb546430ec692e. It is recommended to upgrade the affected component.