Latest CVE Feed
-
6.5
MEDIUMCVE-2024-9917
A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible... Read more
Affected Products : usualtoolcms- Published: Oct. 13, 2024
- Modified: Oct. 19, 2024
-
7.2
HIGHCVE-2024-9918
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be in... Read more
Affected Products : usualtoolcms- Published: Oct. 13, 2024
- Modified: Oct. 19, 2024
-
7.5
HIGHCVE-2024-9820
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, which makes it possible to bypass two-factor authentication... Read more
Affected Products : wp_2fa_with_telegram- Published: Oct. 15, 2024
- Modified: Oct. 19, 2024
-
8.8
HIGHCVE-2024-9968
WebEIP v3.0 from NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affected product is no longer maintained. It is recommended ... Read more
Affected Products : webeip- Published: Oct. 15, 2024
- Modified: Oct. 19, 2024
-
7.2
HIGHCVE-2024-45330
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.... Read more
- Published: Oct. 08, 2024
- Modified: Oct. 19, 2024
-
7.2
HIGHCVE-2024-9180
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1.16.11... Read more
- Published: Oct. 10, 2024
- Modified: Oct. 18, 2024
-
7.3
HIGHCVE-2024-49390
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more
Affected Products : cyber_files- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
7.8
HIGHCVE-2024-49389
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more
Affected Products : cyber_files- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
5.7
MEDIUMCVE-2024-49386
Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more
Affected Products : cyber_files- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
7.3
HIGHCVE-2024-49391
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more
Affected Products : cyber_files- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
5.7
MEDIUMCVE-2024-49392
Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.... Read more
Affected Products : cyber_files- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
8.1
HIGHCVE-2024-33453
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
7.5
HIGHCVE-2024-21274
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network acces... Read more
Affected Products : weblogic_server- Published: Oct. 15, 2024
- Modified: Oct. 18, 2024
-
7.5
HIGHCVE-2024-21260
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more
Affected Products : weblogic_server- Published: Oct. 15, 2024
- Modified: Oct. 18, 2024
-
7.5
HIGHCVE-2024-21234
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more
Affected Products : weblogic_server- Published: Oct. 15, 2024
- Modified: Oct. 18, 2024
-
7.5
HIGHCVE-2024-21246
Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more
Affected Products : service_bus- Published: Oct. 15, 2024
- Modified: Oct. 18, 2024
-
7.6
HIGHCVE-2024-21191
Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged at... Read more
- Published: Oct. 15, 2024
- Modified: Oct. 18, 2024
-
7.5
HIGHCVE-2024-21190
Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with n... Read more
- Published: Oct. 15, 2024
- Modified: Oct. 18, 2024
-
4.8
MEDIUMCVE-2024-21235
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Ora... Read more
- Published: Oct. 15, 2024
- Modified: Oct. 18, 2024
-
9.8
CRITICALCVE-2024-21216
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more
Affected Products : weblogic_server- Published: Oct. 15, 2024
- Modified: Oct. 18, 2024