Latest CVE Feed
- CVE-2024-48904 | CVSS 3.1: 9.8
  A command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability....
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-48708 | CVSS 3.1: 5.4
  Collabtive 3.1 is vulnerable to Cross-Site Scripting (XSS) via the name parameter in (a) file tasklist.php under action = add/edit and in (b) file admin.php under action = adduser/edituser....
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-48707 | CVSS 3.1: 5.4
  Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under (a) action=add or action=edit within managemilestone.php file and (b) action=addpro within admin.php file....
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-48706 | CVSS 3.1: 5.4
  Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b) managetask.php file respectively....
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-48570 | CVSS 3.1: 7.5
  Client Management System 1.0 was discovered to contain a SQL injection vulnerability via the Between Dates Reports parameter at /admin/bwdates-reports-ds.php....
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-46902 | CVSS 3.1: 8.4
  A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute high-privileged cod...
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-46538 | CVSS 3.1: 9.3
  A cross-site scripting (XSS) vulnerability in pfSense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php....
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2022-23862 | CVSS 3.1: 8.4
  A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" ...
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2022-23861 | CVSS 3.1: 6.1
  Multiple Stored Cross-Site Scripting vulnerabilities were discovered in Y Soft SAFEQ 6 Build 53. Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution ...
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-48903 | CVSS 3.1: 7.8
  An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the t...
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-46903 | CVSS 3.1: 6.5
  A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code...
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-45335 | CVSS 3.1: 8.4
  Trend Micro Antivirus One, version 3.10.4 and below, contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection....
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-45334 | CVSS 3.1: 7.8
  Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions....
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-41183 | CVSS 3.1: 7.8
  Trend Micro VPN, version 5.8.1012 and below, is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges....
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-39753 | CVSS 3.1: 7.5
  A modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system...
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-50312 | CVSS 3.1: 5.3
  A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack su...
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-48659 | CVSS 3.1: 9.8
  An issue in DCME-320-L <=9.3.2.114 allows a remote attacker to execute arbitrary code via the log_u_umount.php component....
  - Published: Oct. 21, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-48605 | CVSS 3.1: 7.8
  An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file....
  - Published: Oct. 22, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-47912 | CVSS 3.1: 8.2
  A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A suc...
  - Published: Oct. 21, 2024
  - Modified: Oct. 22, 2024
- CVE-2024-47223 | CVSS 3.1: 9.4
  A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a SQL injection attack due to insufficient sanitization of user input. A successf...
  - Published: Oct. 21, 2024
  - Modified: Oct. 22, 2024