Latest CVE Feed
-
9.8
CRITICALCVE-2024-11258
A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can ... Read more
Affected Products : beauty_parlour_management_system- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
6.5
MEDIUMCVE-2024-45609
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XSS vuln... Read more
Affected Products : glpi- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
5.5
MEDIUMCVE-2024-49536
Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issu... Read more
- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
7.2
HIGHCVE-2024-10260
The Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 8.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to... Read more
Affected Products : tripetto- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
4.3
MEDIUMCVE-2024-10582
The Music Player for Elementor – Audio Player & Podcast Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_mpfe_template() function in all versions up to, and including, 2.4.1. Th... Read more
Affected Products : music_player_for_elementor- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
7.2
HIGHCVE-2024-10793
The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthentica... Read more
Affected Products : wp_activity_log- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
6.5
MEDIUMCVE-2024-45610
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI technician in order to exploit a reflected XS... Read more
Affected Products : glpi- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
5.7
MEDIUMCVE-2024-45611
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can bypass the access control policy to create a private RSS feed attached to another ... Read more
Affected Products : glpi- Published: Nov. 15, 2024
- Modified: Nov. 19, 2024
-
8.1
HIGHCVE-2024-43447
Windows SMBv3 Server Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2022- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
5.9
MEDIUMCVE-2024-38264
Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability... Read more
- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
6.8
MEDIUMCVE-2024-43449
Windows USB Video Class System Driver Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +9 more products- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.5
HIGHCVE-2024-43450
Windows DNS Spoofing Vulnerability... Read more
- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.5
HIGHCVE-2024-43452
Windows Registry Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 +4 more products- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
8.8
HIGH- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.5
HIGHCVE-2021-41737
In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^Q;" and "process = route(3333333333333333333,2,1,2,3,1) : *;" leads to stack consumption.... Read more
Affected Products :- Published: Nov. 10, 2024
- Modified: Nov. 19, 2024
-
9.1
CRITICALCVE-2021-35473
An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use a expired access token from an OIDC client to access the OAuth2 handle... Read more
Affected Products :- Published: Nov. 10, 2024
- Modified: Nov. 19, 2024
-
8.8
HIGH- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.1
HIGHCVE-2024-51679
Cross-Site Request Forgery (CSRF) vulnerability in GentleSource Appointmind allows Stored XSS.This issue affects Appointmind: from n/a through 4.0.0.... Read more
Affected Products : appointmind- Published: Nov. 14, 2024
- Modified: Nov. 19, 2024
-
9.8
CRITICAL- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024
-
7.5
HIGH- Published: Nov. 12, 2024
- Modified: Nov. 19, 2024