Latest CVE Feed
-
9.1
CRITICALCVE-2024-51748
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by ... Read more
Affected Products : kanboard- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
6.5
MEDIUMCVE-2024-51574
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Simple Goods allows Stored XSS.This issue affects Simple Goods: from n/a through 0.1.3.... Read more
Affected Products :- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
8.5
HIGHCVE-2024-51845
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Richteam Share Buttons – Social Media allows Blind SQL Injection.This issue affects Share Buttons – Social Media: from n/a through 1.0.2.... Read more
Affected Products :- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
10.0
CRITICALCVE-2024-51792
Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record allows Upload a Web Shell to a Web Server.This issue affects Audio Record: from n/a through 1.0.... Read more
Affected Products :- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
10.0
CRITICALCVE-2024-51789
Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify allows Upload a Web Shell to a Web Server.This issue affects Image Classify: from n/a through 1.0.0.... Read more
Affected Products :- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
6.5
MEDIUMCVE-2024-51571
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MasterBip MasterBip para Elementor allows DOM-Based XSS.This issue affects MasterBip para Elementor: from n/a through 1.6.3.... Read more
Affected Products :- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
8.8
HIGHCVE-2024-47590
An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in th... Read more
Affected Products :- Published: Nov. 12, 2024
- Modified: Nov. 12, 2024
-
5.3
MEDIUMCVE-2024-47586
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and r... Read more
Affected Products : netweaver_application_server_abap- Published: Nov. 12, 2024
- Modified: Nov. 12, 2024
-
6.5
MEDIUMCVE-2024-42372
Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application.... Read more
Affected Products :- Published: Nov. 12, 2024
- Modified: Nov. 12, 2024
-
3.5
LOWCVE-2024-47587
Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application.... Read more
Affected Products :- Published: Nov. 12, 2024
- Modified: Nov. 12, 2024
-
9.1
CRITICALCVE-2024-51747
Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its `... Read more
Affected Products : kanboard- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
6.5
MEDIUMCVE-2024-51575
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Extender All In One For Elementor allows Stored XSS.This issue affects Extender All In One For Elementor: from n/a through 1.0.3.... Read more
Affected Products :- Published: Nov. 11, 2024
- Modified: Nov. 12, 2024
-
5.4
MEDIUMCVE-2024-10790
The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. This makes it possible for... Read more
Affected Products : admin_and_site_enhancements- Published: Nov. 12, 2024
- Modified: Nov. 12, 2024
-
6.1
MEDIUMCVE-2024-9357
The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization and output escaping. This makes it possible for unauthe... Read more
Affected Products :- Published: Nov. 12, 2024
- Modified: Nov. 12, 2024
-
8.1
HIGHCVE-2024-47295
Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for the details of the affected versions, see the inf... Read more
Affected Products :- Published: Oct. 01, 2024
- Modified: Nov. 11, 2024
-
8.9
HIGHCVE-2024-7059
A high-severity vulnerability that can lead to arbitrary code execution on the system hosting the Web SDK role was found in the Genetec Security Center product line.... Read more
Affected Products : security_center- Published: Nov. 05, 2024
- Modified: Nov. 09, 2024
-
7.8
HIGH- Published: Oct. 08, 2024
- Modified: Nov. 08, 2024
-
8.8
HIGHCVE-2024-44021
Missing Authorization vulnerability in Truepush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Truepush: from n/a through 1.0.8.... Read more
Affected Products : truepush- Published: Nov. 01, 2024
- Modified: Nov. 08, 2024
-
5.5
MEDIUMCVE-2024-50109
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null ptr dereference in raid10_size() In raid10_run() if raid10_set_queue_limits() succeed, the return value is set to zero, and if following procedures failed raid10_run... Read more
Affected Products : linux_kernel- Published: Nov. 05, 2024
- Modified: Nov. 08, 2024
-
6.5
MEDIUMCVE-2024-6762
Jetty PushSessionCacheFilter can be exploited by unauthenticated users to launch remote DoS attacks by exhausting the server’s memory.... Read more
Affected Products : jetty- Published: Oct. 14, 2024
- Modified: Nov. 08, 2024