Latest CVE Feed
- CVE-2024-43969 (CVSS 3.1: 7.6)
  Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.12....
  Affected Products: spiffy_calendar
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024
- CVE-2021-27915 (CVSS 3.1: 7.6)
  Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated acces...
  Affected Products: mautic
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024
- CVE-2024-39589 (CVSS 3.1: 7.5)
  Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker c...
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2023-28455 (CVSS 3.1: 7.5)
  An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to create a query loop using Technitium resolvers, launching amplification attacks and causing potential DoS....
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2024-39590 (CVSS 3.1: 7.5)
  Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker c...
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2024-6878 (CVSS 3.1: 7.5)
  Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows Collect Data from Common Resource Locations. This issue affects Panel: before v2.3.24....
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2024-8768 (CVSS 3.1: 7.5)
  A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service....
  Affected Products:
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024
- CVE-2024-36980 (CVSS 3.1: 7.5)
  An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a serie...
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2023-49203 (CVSS 3.1: 7.5)
  Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic....
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2023-28457 (CVSS 3.1: 7.5)
  An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses within 1 second, which is impactful....
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2024-8287 (CVSS 3.1: 7.5)
  Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before th...
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2024-46982 (CVSS 3.1: 7.5)
  Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this c...
  Affected Products: next.js
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024
- CVE-2024-45601 (CVSS 3.1: 7.5)
  Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability w...
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2024-36981 (CVSS 3.1: 7.5)
  An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a serie...
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2024-38813 (CVSS 3.1: 7.5)
  The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet....
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024
- CVE-2024-8110 (CVSS 3.1: 7.5)
  Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may resta...
  Affected Products:
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024
- CVE-2023-28456 (CVSS 3.1: 7.5)
  An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification attacks (3 times more than other "golden model" software like BIND) and cause potential DoS....
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2023-28451 (CVSS 3.1: 7.5)
  An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of service) for normal resolution. The effects of an exploit wo...
  Affected Products:
  Published: Sep. 18, 2024
  Modified: Sep. 18, 2024
- CVE-2024-8948 (CVSS 3.1: 7.3)
  A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exp...
  Affected Products: micropython
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024
- CVE-2024-8946 (CVSS 3.1: 7.3)
  A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible...
  Affected Products: micropython
  Published: Sep. 17, 2024
  Modified: Sep. 17, 2024