Latest CVE Feed
-
10.0
CVSS 3.1
CVE-2024-8888
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate...
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
10.0
CVSS 3.1
CVE-2024-8887
CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalitie...
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
9.9
CVSS 3.1
CVE-2024-45798
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results.yml`...
Affected Products :
- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
9.9
CVSS 3.0
CVE-2024-8767
Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis...
Affected Products :
- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
9.9
CVSS 3.1
CVE-2024-46986
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on t...
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
9.8
CVSS 3.1
CVE-2024-38812
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leadin...
- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
9.8
CVSS 3.1
CVE-2024-34399
**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longer suppor...
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
9.8
CVSS 3.1
CVE-2024-35515
Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code....
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
9.8
CVSS 3.1
CVE-2024-44542
SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter....
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
9.3
CVSS 3.1
CVE-2024-43976
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a through 6.9.7....
Affected Products :
- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
9.3
CVSS 3.1
CVE-2024-44004
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPTaskForce WPCargo Track & Trace allows SQL Injection. This issue affects WPCargo Track & Trace: from n/a through 7.0.6....
Affected Products :
- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
9.3
CVSS 3.1
CVE-2024-43978
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection. This issue affects Super Store Finder: from n/a before 6.9.8....
Affected Products :
- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
9.3
CVSS 3.1
CVE-2024-8889
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP pro...
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
9.1
CVSS 3.1
CVE-2024-8956
PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a...
Affected Products :
- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
9.0
CVSS 3.1
CVE-2024-34026
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can ...
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
8.8
CVSS 3.1
CVE-2024-46362
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory...
Affected Products :
- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
8.8
CVSS 3.1
CVE-2024-46085
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename...
Affected Products :
- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
8.8
CVSS 3.1
CVE-2024-45682
There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system....
Affected Products :
- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
8.8
CVSS 3.1
CVE-2024-38183
An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link....
Affected Products : groupme
- Published: Sep. 17, 2024
- Modified: Sep. 17, 2024
-
8.8
CVSS 3.1
CVE-2024-43778
OS command injection vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings....
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024