Latest CVE Feed
-
7.2
HIGH CVE-2024-10793
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthentica...
Affected Products: wp_activity_log
- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
6.5
MEDIUM CVE-2024-45610
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XS...
Affected Products: glpi
- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
5.7
MEDIUM CVE-2024-45611
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another ...
Affected Products: glpi
- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
8.1
HIGH CVE-2024-43447
Windows SMBv3 Server Remote Code Execution Vulnerability
Affected Products: windows_server_2022
- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
5.9
MEDIUM CVE-2024-38264
Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
6.8
MEDIUM CVE-2024-43449
Windows USB Video Class System Driver Elevation of Privilege Vulnerability
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products
- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.5
HIGH CVE-2024-43450
Windows DNS Spoofing Vulnerability
- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.5
HIGH CVE-2024-43452
Windows Registry Elevation of Privilege Vulnerability
Affected Products: windows_server_2008 windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 +4 more products
- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
8.8
HIGH
- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.5
HIGH CVE-2021-41737
In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^Q;" and "process = route(3333333333333333333,2,1,2,3,1) : *;" leads to stack consumption.
Affected Products:
- Published: Nov. 10, 2024
- Modified: Nov. 19, 2024
-
9.1
CRITICAL CVE-2021-35473
An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use an expired access token from an OIDC client to access the OAuth2 handle...
Affected Products:
- Published: Nov. 10, 2024
- Modified: Nov. 19, 2024
-
8.8
HIGH
- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.1
HIGH CVE-2024-51679
Cross-Site Request Forgery (CSRF) vulnerability in GentleSource Appointmind allows Stored XSS. This issue affects Appointmind: from n/a through 4.0.0.
Affected Products: appointmind
- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024
-
9.8
CRITICAL
- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.5
HIGH
- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
8.7
HIGH CVE-2024-39609
Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access.
- Published: Nov. 13, 2024
- Modified: Nov. 19, 2024
-
8.7
HIGH CVE-2024-41167
Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access.
- Published: Nov. 13, 2024
- Modified: Nov. 19, 2024
-
8.1
HIGH CVE-2024-11208
A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity o...
Affected Products: central_authentication_service
- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024
-
9.8
CRITICAL CVE-2024-50636
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function...
Affected Products:
- Published: Nov. 11, 2024
- Modified: Nov. 19, 2024
-
9.8
CRITICAL CVE-2024-11209
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotel...
Affected Products: central_authentication_service
- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024