Latest CVE Feed
- CVE-2024-9201 (CVSS 3.1 score: 9.4)
  The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the ‘id_order’ parameter of the ‘/modules/seur/ajax/saveCodFee.php’ endpoint....
  - Affected Products:
  - Published: Oct. 10, 2024
  - Modified: Oct. 10, 2024
- CVE-2024-45115 (CVSS 3.1 score: 9.8)
  Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or ele...
  - Affected Products:
  - Published: Oct. 10, 2024
  - Modified: Oct. 10, 2024
- CVE-2024-9798 (CVSS 3.1 score: 9.0)
  The health endpoint is public so everybody can see a list of all services. It is potentially valuable information for attackers....
  - Affected Products:
  - Published: Oct. 10, 2024
  - Modified: Oct. 10, 2024
- CVE-2024-9518 (CVSS 3.1 score: 9.8)
  The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and 'userplus_update_user_profile' functions. This makes it possible for unauthenticated at...
  - Affected Products:
  - Published: Oct. 10, 2024
  - Modified: Oct. 10, 2024
- CVE-2024-45160 (CVSS 3.1 score: 9.1)
  Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret)....
  - Affected Products:
  - Published: Oct. 09, 2024
  - Modified: Oct. 09, 2024
- CVE-2024-9680 (CVSS 3.1 score: 9.8)
  An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR <...
  - Published: Oct. 09, 2024
  - Modified: Oct. 09, 2024
- CVE-2024-8015 (CVSS 3.1 score: 9.1)
  In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability....
  - Affected Products: telerik_reporting
  - Published: Oct. 09, 2024
  - Modified: Oct. 09, 2024
- CVE-2023-46586 (CVSS 3.1 score: 9.1)
  cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused....
  - Affected Products:
  - Published: Oct. 09, 2024
  - Modified: Oct. 09, 2024
- CVE-2024-44349 (CVSS 3.1 score: 9.8)
  A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the underlying DB....
  - Affected Products:
  - Published: Oct. 08, 2024
  - Modified: Oct. 08, 2024
- CVE-2024-43468 (CVSS 3.1 score: 9.8)
  Microsoft Configuration Manager Remote Code Execution Vulnerability...
  - Affected Products: configuration_manager
  - Published: Oct. 08, 2024
  - Modified: Oct. 08, 2024
- CVE-2024-38124 (CVSS 3.1 score: 9.0)
  Windows Netlogon Elevation of Privilege Vulnerability...
  - Published: Oct. 08, 2024
  - Modified: Oct. 08, 2024
- CVE-2024-3057 (CVSS 3.1 score: 9.8)
  A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation....
  - Affected Products:
  - Published: Oct. 08, 2024
  - Modified: Oct. 08, 2024