Latest CVE Feed
-
9.8
CVSS31CVE-2024-47575
A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet For... Read more
Affected Products :- Actively Exploited
- Published: Oct. 23, 2024
- Modified: Oct. 24, 2024
-
9.8
CVSS31CVE-2024-46483
Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the SFTP server, which can lead to a heap overflow with attacker-controlled content.... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 23, 2024
-
9.9
CVSS31CVE-2024-20424
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying o... Read more
Affected Products :- Published: Oct. 23, 2024
- Modified: Oct. 23, 2024
-
9.3
CVSS31CVE-2024-20412
A vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series could allow an unauthenticated, local attacker to access an affected system using static credentials. This vulnerability is due to th... Read more
Affected Products :- Published: Oct. 23, 2024
- Modified: Oct. 23, 2024
-
9.8
CVSS31CVE-2024-40494
Buffer Overflow in coap_msg.c in FreeCoAP allows remote attackers to execute arbitrary code or cause a denial of service (stack buffer overflow) via a crafted packet.... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 23, 2024
-
9.0
CVSS31CVE-2024-26519
An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component.... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 23, 2024
-
9.9
CVSS31CVE-2024-20329
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability is due to insufficient validation of user input. An ... Read more
Affected Products :- Published: Oct. 23, 2024
- Modified: Oct. 23, 2024
-
9.9
CVSS31CVE-2024-49671
Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix allows Upload a Web Shell to a Web Server.This issue affects AI Image Generator for Your Content & Featured Ima... Read more
Affected Products :- Published: Oct. 23, 2024
- Modified: Oct. 23, 2024
-
9.9
CVSS31CVE-2024-49669
Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official allows Upload a Web Shell to a Web Server.This issue affects INK Official: from n/a through 4.1.2.... Read more
Affected Products :- Published: Oct. 23, 2024
- Modified: Oct. 23, 2024
-
10.0
CVSS31CVE-2024-49668
Unrestricted Upload of File with Dangerous Type vulnerability in Admin Verbalize WP Upload a Web Shell to a Web Server.This issue affects Verbalize WP: from n/a through 1.0.... Read more
Affected Products :- Published: Oct. 23, 2024
- Modified: Oct. 23, 2024
-
9.9
CVSS31CVE-2024-49658
Unrestricted Upload of File with Dangerous Type vulnerability in Ecomerciar Woocommerce Custom Profile Picture allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Custom Profile Picture: from n/a through 1.0.... Read more
Affected Products :- Published: Oct. 23, 2024
- Modified: Oct. 23, 2024
-
9.9
CVSS31CVE-2024-49653
Unrestricted Upload of File with Dangerous Type vulnerability in James Eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server.This issue affects Portfolleo: from n/a through 1.2.... Read more
Affected Products :- Published: Oct. 23, 2024
- Modified: Oct. 23, 2024
-
9.9
CVSS31CVE-2024-49652
Unrestricted Upload of File with Dangerous Type vulnerability in ReneeCussack 3D Work In Progress allows Upload a Web Shell to a Web Server.This issue affects 3D Work In Progress: from n/a through 1.0.3.... Read more
Affected Products :- Published: Oct. 23, 2024
- Modified: Oct. 23, 2024
-
9.8
CVSS31CVE-2024-44812
SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 23, 2024
-
10.0
CVSS31CVE-2024-47901
A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of a... Read more
Affected Products :- Published: Oct. 23, 2024
- Modified: Oct. 23, 2024
-
9.0
CVSS31CVE-2024-38002
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a wo... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 23, 2024
-
9.8
CVSS31CVE-2024-41717
Kieback & Peter's DDC4000 series is vulnerable to a path traversal vulnerability, which may allow an unauthenticated attacker to read files on the system.... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 23, 2024
-
9.8
CVSS31CVE-2024-43698
Kieback & Peter's DDC4000 series uses weak credentials, which may allow an unauthenticated attacker to get full admin rights on the system.... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 23, 2024
-
9.3
CVSS31CVE-2024-46538
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 23, 2024
-
9.6
CVSS31CVE-2024-8980
The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA t... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 23, 2024