Latest CVE Feed
-
9.8
CRITICAL CVE-2024-33066
Memory corruption while redirecting log file to any file location with any file name.
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGH CVE-2024-33069
Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host.
Affected Products : qam8295p_firmware qca6391_firmware qca6426_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa8295p_firmware sw5100_firmware sw5100p_firmware +78 more products
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGH CVE-2024-33070
Transient DOS while parsing ESP IE from beacon/probe response frame.
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGH CVE-2024-33071
Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0.
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
5.3
MEDIUM CVE-2024-48790
An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process.
Affected Products :
- Published: Oct. 14, 2024
- Modified: Oct. 16, 2024
-
9.8
CRITICAL CVE-2024-48782
File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end.
Affected Products :
- Published: Oct. 15, 2024
- Modified: Oct. 16, 2024
-
9.8
CRITICAL CVE-2024-48781
An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat.
Affected Products :
- Published: Oct. 15, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGH CVE-2024-44775
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request.
Affected Products :
- Published: Oct. 15, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGH CVE-2024-44734
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server.
Affected Products :
- Published: Oct. 11, 2024
- Modified: Oct. 16, 2024
-
9.1
CRITICAL CVE-2024-44730
Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name.
Affected Products :
- Published: Oct. 11, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGH CVE-2024-44729
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting.
Affected Products :
- Published: Oct. 11, 2024
- Modified: Oct. 16, 2024
-
7.7
HIGH CVE-2024-43687
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (banner config modules) allows Cross-Site Scripting (XSS). This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
- Published: Oct. 04, 2024
- Modified: Oct. 16, 2024
-
7.1
HIGH CVE-2024-38097
Azure Monitor Agent Elevation of Privilege Vulnerability
Affected Products : azure_monitor_agent
- Published: Oct. 08, 2024
- Modified: Oct. 16, 2024
-
7.5
HIGH
- Published: Oct. 08, 2024
- Modified: Oct. 16, 2024
-
6.1
MEDIUM CVE-2024-43686
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS. This issue affects TimeProvider 4100: from 1.0 before 2.4.7.
- Published: Oct. 04, 2024
- Modified: Oct. 16, 2024
-
8.2
HIGH CVE-2024-43365
Cacti is an open source performance and fault management framework. The `consolenewsection` parameter is not properly sanitized when saving external links in links.php. Moreover, the said consolenewsection parameter is stored in the database and reflected ...
Affected Products : cacti
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
8.8
HIGH CVE-2024-45291
PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedIm...
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024
-
9.8
CRITICAL CVE-2024-46532
SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component.
Affected Products :
- Published: Oct. 11, 2024
- Modified: Oct. 16, 2024
-
9.8
CRITICAL CVE-2024-10018
Improper permission control in the mobile application (com.transsion.aivoiceassistant) can lead to the launch of any unexported component.
Affected Products :
- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
8.4
HIGH CVE-2024-38399
Memory corruption while processing user packets to generate page faults.
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6155p_firmware sa8155p_firmware sa8195p_firmware sa8295p_firmware wcd9380_firmware wsa8810_firmware +70 more products
- Published: Oct. 07, 2024
- Modified: Oct. 16, 2024