Total
299162 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-47007 | 1 Ivanti | 1 Avalanche | 2024-10-16 | N/A | 7.5 HIGH |
| A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. | |||||
| CVE-2024-8630 | 1 Alisonic | 2 Sibylla, Sibylla Firmware | 2024-10-16 | N/A | 9.8 CRITICAL |
| Alisonic Sibylla devices are vulnerable to SQL injection attacks, which could allow complete access to the database. | |||||
| CVE-2024-37983 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-10-16 | N/A | 6.7 MEDIUM |
| Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability | |||||
| CVE-2023-7260 | 1 Opentext | 1 Cx-e Voice | 2024-10-16 | N/A | 7.5 HIGH |
| Path Traversal vulnerability discovered in OpenText™ CX-E Voice, affecting all version through 22.4. The vulnerability could allow arbitrarily access files on the system. | |||||
| CVE-2024-7489 | 2024-10-16 | N/A | 4.4 MEDIUM | ||
| The Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form color parameters in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-48793 | 2024-10-15 | N/A | 5.9 MEDIUM | ||
| An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48771 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process | |||||
| CVE-2024-48768 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process | |||||
| CVE-2024-46215 | 2024-10-15 | N/A | 6.5 MEDIUM | ||
| A vulnerability was discovered in KM08-708H-v1.1, There is a buffer overflow in the sub_445BDC() function within the /usr/sbin/goahead program; The strcpy function is executed without checking the length of the string, leading to a buffer overflow. | |||||
| CVE-2024-44807 | 2024-10-15 | N/A | 5.3 MEDIUM | ||
| A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list of the uploaded files. | |||||
| CVE-2024-44415 | 2024-10-15 | N/A | 6.5 MEDIUM | ||
| A vulnerability was discovered in DI_8200-16.07.26A1, There is a buffer overflow in the dbsrv_asp function; The strcpy function is executed without checking the length of the string, leading to a buffer overflow. | |||||
| CVE-2024-44413 | 2024-10-15 | N/A | 8.8 HIGH | ||
| A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. | |||||
| CVE-2024-41858 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2024-10-15 | N/A | 7.8 HIGH |
| InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-48776 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process | |||||
| CVE-2024-48775 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48773 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process | |||||
| CVE-2024-48788 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48787 | 2024-10-15 | N/A | 9.1 CRITICAL | ||
| An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48786 | 2024-10-15 | N/A | 9.1 CRITICAL | ||
| An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48784 | 2024-10-15 | N/A | 9.8 CRITICAL | ||
| An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||