Latest CVE Feed
-
9.9
CRITICALCVE-2024-4872
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must ha... Read more
- Published: Aug. 27, 2024
- Modified: Oct. 30, 2024
-
4.3
MEDIUMCVE-2024-7941
An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.... Read more
Affected Products : microscada_x_sys600- Published: Aug. 27, 2024
- Modified: Oct. 30, 2024
-
7.5
HIGHCVE-2024-10290
A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The ... Read more
Affected Products : zzcms- Published: Oct. 23, 2024
- Modified: Oct. 30, 2024
-
9.8
CRITICALCVE-2024-48963
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory ... Read more
Affected Products : snyk_cli- Published: Oct. 23, 2024
- Modified: Oct. 30, 2024
-
9.8
CRITICALCVE-2024-10371
A vulnerability classified as critical has been found in SourceCodester Payroll Management System 1.0. This affects the function login of the file main. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be use... Read more
Affected Products : payroll_management_system- Published: Oct. 25, 2024
- Modified: Oct. 30, 2024
-
5.5
MEDIUMCVE-2024-50087
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free on read_alloc_one_name() error The function read_alloc_one_name() does not initialize the name field of the passed fscrypt_str struct if kmalloc fa... Read more
Affected Products : linux_kernel- Published: Oct. 29, 2024
- Modified: Oct. 30, 2024
-
5.4
MEDIUMCVE-2024-48119
Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users can inject arbitrary HTML.... Read more
Affected Products : vtiger_crm- Published: Oct. 14, 2024
- Modified: Oct. 30, 2024
-
8.8
HIGHCVE-2024-34668
Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.... Read more
- Published: Oct. 08, 2024
- Modified: Oct. 30, 2024
-
9.8
CRITICALCVE-2024-10350
A vulnerability was found in code-projects Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/add-doctor.php. The manipulation of the argument docname leads to sql injection. The at... Read more
- Published: Oct. 24, 2024
- Modified: Oct. 30, 2024
-
8.8
HIGHCVE-2024-34667
Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.... Read more
- Published: Oct. 08, 2024
- Modified: Oct. 30, 2024
-
8.8
HIGHCVE-2024-34666
Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.... Read more
- Published: Oct. 08, 2024
- Modified: Oct. 30, 2024
-
8.8
HIGHCVE-2024-34665
Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.... Read more
- Published: Oct. 08, 2024
- Modified: Oct. 30, 2024
-
8.8
HIGHCVE-2024-34669
Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.... Read more
- Published: Oct. 08, 2024
- Modified: Oct. 30, 2024
-
9.8
CRITICALCVE-2024-7763
In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.... Read more
Affected Products : whatsup_gold- Published: Oct. 24, 2024
- Modified: Oct. 30, 2024
-
7.2
HIGHCVE-2024-10337
A vulnerability classified as critical has been found in SourceCodeHero Clothes Recommendation System 1.0. Affected is an unknown function of the file /admin/home.php?con=add. The manipulation of the argument cat/subcat/ t1/t2/text leads to sql injection.... Read more
Affected Products : clothes_recommendation_system- Published: Oct. 24, 2024
- Modified: Oct. 30, 2024
-
7.2
HIGHCVE-2024-10338
A vulnerability classified as critical was found in SourceCodeHero Clothes Recommendation System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/home.php. The manipulation of the argument view/view1 leads to sql injectio... Read more
Affected Products : clothes_recommendation_system- Published: Oct. 24, 2024
- Modified: Oct. 30, 2024
-
9.8
CRITICALCVE-2024-7824
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2... Read more
Affected Products : secureanywhere_web_shield- Published: Oct. 03, 2024
- Modified: Oct. 30, 2024
-
9.8
CRITICALCVE-2024-7825
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrUrl.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2... Read more
Affected Products : secureanywhere_web_shield- Published: Oct. 03, 2024
- Modified: Oct. 30, 2024
-
9.8
CRITICALCVE-2024-7826
Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows, ARM, 64 bit, 32 bit (wrURL.Dll modules) allows Functionality Misuse.This issue affects SecureAnywhere - Web Shield: before 2.1.2.3.... Read more
Affected Products : secureanywhere_web_shield- Published: Oct. 03, 2024
- Modified: Oct. 30, 2024
-
8.8
HIGHCVE-2024-48964
The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directo... Read more
Affected Products : snyk_cli- Published: Oct. 23, 2024
- Modified: Oct. 30, 2024