Latest CVE Feed
-
6.7
MEDIUMCVE-2024-23312
Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more
Affected Products :- Published: Nov. 13, 2024
- Modified: Nov. 15, 2024
-
2.2
LOWCVE-2024-28030
NULL pointer dereference in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable denial of service via local access.... Read more
Affected Products :- Published: Nov. 13, 2024
- Modified: Nov. 15, 2024
-
8.8
HIGHCVE-2024-10962
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. This... Read more
- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
7.1
HIGHCVE-2024-51687
Cross-Site Request Forgery (CSRF) vulnerability in Platform.Ly Platform.Ly Official allows Stored XSS.This issue affects Platform.Ly Official: from n/a through 1.1.3.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
10.0
CRITICALCVE-2024-52379
Unrestricted Upload of File with Dangerous Type vulnerability in Kinetic Innovative Technologies Sdn Bhd kineticPay for WooCommerce allows Upload a Web Shell to a Web Server.This issue affects kineticPay for WooCommerce: from n/a through 2.0.8.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
7.5
HIGHCVE-2024-47916
Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
7.1
HIGHCVE-2024-51688
Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs Pro FraudLabs Pro SMS Verification allows Stored XSS.This issue affects FraudLabs Pro SMS Verification: from n/a through 1.10.1.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
5.3
MEDIUMCVE-2024-5918
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate... Read more
Affected Products : pan-os- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
7.5
HIGHCVE-2024-47915
VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
9.3
CRITICALCVE-2024-9834
Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
7.7
HIGHCVE-2022-31666
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.... Read more
Affected Products : harbor- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
10.0
CRITICALCVE-2024-48967
The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make u... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
9.3
CRITICALCVE-2024-9832
There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to ... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
9.9
CRITICALCVE-2024-52369
Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access Inc. KBucket allows Upload a Web Shell to a Web Server.This issue affects KBucket: from n/a through 4.1.6.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
10.0
CRITICALCVE-2024-52376
Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server.This issue affects Boat Rental Plugin for WordPress: from n/a through 1.0.1.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
10.0
CRITICALCVE-2024-52374
Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task allows Upload a Web Shell to a Web Server.This issue affects Do That Task: from n/a through 1.5.5.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
9.8
CRITICALCVE-2024-52382
Missing Authorization vulnerability in Medma Technologies Matix Popup Builder allows Privilege Escalation.This issue affects Matix Popup Builder: from n/a through 1.0.0.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
10.0
CRITICALCVE-2024-52380
Unrestricted Upload of File with Dangerous Type vulnerability in Softpulse Infotech Picsmize allows Upload a Web Shell to a Web Server.This issue affects Picsmize: from n/a through 1.0.0.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
10.0
CRITICALCVE-2024-52372
Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA allows Upload a Web Shell to a Web Server.This issue affects Easy CSV Importer BETA: from n/a through 7.0.0.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
7.3
HIGHCVE-2024-6068
A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malici... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024