Latest CVE Feed
-
10.0
CRITICALCVE-2024-52373
Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery allows Upload a Web Shell to a Web Server.This issue affects Devexhub Gallery: from n/a through 2.0.1.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
10.0
CRITICALCVE-2024-52375
Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative.This issue affects Datasets Manager by Arttia Creative: from n/a through 1.5.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
7.5
HIGHCVE-2024-52383
Missing Authorization vulnerability in KCT Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Auto Tool Content Writing Assistant (Gemin... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
8.1
HIGHCVE-2024-52381
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Shoaib Rehmat ZIJ KART allows PHP Local File Inclusion.This issue affects ZIJ KART: from n/a through 1.1.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
7.5
HIGHCVE-2024-52378
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Labs64 DigiPass allows Absolute Path Traversal.This issue affects DigiPass: from n/a through 0.3.0.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
7.1
HIGHCVE-2024-51684
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu W3P SEO allows Stored XSS.This issue affects W3P SEO: from n/a before 1.8.6.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
9.3
CRITICALCVE-2024-48970
The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unautho... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
7.5
HIGHCVE-2024-45254
VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
6.5
MEDIUMCVE-2024-11215
Absolute path traversal (incorrect restriction of a path to a restricted directory) vulnerability in the EasyPHP web server, affecting version 14.1. This vulnerability could allow remote users to bypass SecurityManager restrictions and retrieve any file s... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
10.0
CRITICALCVE-2024-52377
Unrestricted Upload of File with Dangerous Type vulnerability in BdThemes Instant Image Generator allows Upload a Web Shell to a Web Server.This issue affects Instant Image Generator: from n/a through 1.5.4.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
8.6
HIGHCVE-2024-52371
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DonnellC Global Gateway e4 | Payeezy Gateway.This issue affects Global Gateway e4 | Payeezy Gateway: from n/a through 2.0.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
7.5
HIGHCVE-2022-2232
A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.... Read more
- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
8.8
HIGHCVE-2024-10962
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. This... Read more
- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
8.7
HIGHCVE-2024-9472
A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specif... Read more
Affected Products : pan-os- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
8.8
HIGHCVE-2024-52554
Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to ... Read more
Affected Products :- Published: Nov. 13, 2024
- Modified: Nov. 15, 2024
-
9.1
CRITICALCVE-2024-37285
A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices ... Read more
Affected Products : kibana- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
7.5
HIGHCVE-2024-47915
VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
10.0
CRITICALCVE-2024-48966
The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipu... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
9.3
CRITICALCVE-2024-48973
The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have u... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024
-
9.9
CRITICALCVE-2024-52370
Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support – WordPress Help Desk allows Upload a Web Shell to a Web Server.This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.1.... Read more
Affected Products :- Published: Nov. 14, 2024
- Modified: Nov. 15, 2024