Latest CVE Feed
-
9.8
CRITICAL CVE-2024-7954
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request....
Affected Products : spip
- Published: Aug. 23, 2024
- Modified: Aug. 23, 2024
-
4.8
MEDIUM CVE-2024-7427
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Network Node Manager i (NNMi) could allow Cross-Site Scripting (XSS). This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05,...
Affected Products :
- Published: Aug. 23, 2024
- Modified: Aug. 23, 2024
-
6.1
MEDIUM CVE-2024-43794
OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specia...
Affected Products :
- Published: Aug. 23, 2024
- Modified: Aug. 23, 2024
-
4.8
MEDIUM CVE-2024-7428
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in OpenText™ Network Node Manager i (NNMi) allows URL Redirector Abuse. This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2....
Affected Products :
- Published: Aug. 23, 2024
- Modified: Aug. 23, 2024
-
8.8
HIGH CVE-2024-41976
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M8...
Affected Products : scalance_m804pb_firmware scalance_m874-2_firmware scalance_m874-3_firmware scalance_m876-3_firmware scalance_m876-4_firmware ruggedcom_rm1224_lte\(4g\)_eu_firmware ruggedcom_rm1224_lte\(4g\)_nam_firmware scalance_m826-2_shdsl-router_firmware scalance_m804pb scalance_m874-2 +42 more products
- Published: Aug. 13, 2024
- Modified: Aug. 23, 2024
-
8.0
HIGH CVE-2024-41977
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M8...
Affected Products : scalance_m804pb_firmware scalance_m874-2_firmware scalance_m874-3_firmware scalance_m876-3_firmware scalance_m876-4_firmware ruggedcom_rm1224_lte\(4g\)_eu_firmware ruggedcom_rm1224_lte\(4g\)_nam_firmware scalance_m826-2_shdsl-router_firmware scalance_m804pb scalance_m874-2 +42 more products
- Published: Aug. 13, 2024
- Modified: Aug. 23, 2024
-
7.5
HIGH CVE-2024-39338
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs....
Affected Products : axios
- Published: Aug. 12, 2024
- Modified: Aug. 23, 2024
-
8.0
HIGH CVE-2024-42915
A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This will allow attackers to arbitrarily reset other users' passwords and com...
Affected Products :
- Published: Aug. 23, 2024
- Modified: Aug. 23, 2024
-
7.1
HIGH CVE-2024-41978
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.1), SCALANCE M8...
Affected Products : scalance_m804pb_firmware scalance_m874-2_firmware scalance_m874-3_firmware scalance_m876-3_firmware scalance_m876-4_firmware ruggedcom_rm1224_lte\(4g\)_eu_firmware ruggedcom_rm1224_lte\(4g\)_nam_firmware scalance_m826-2_shdsl-router_firmware scalance_m804pb scalance_m874-2 +42 more products
- Published: Aug. 13, 2024
- Modified: Aug. 23, 2024
-
4.3
MEDIUM CVE-2024-43032
autMan v2.9.6 allows attackers to bypass authentication via a crafted web request....
Affected Products :
- Published: Aug. 23, 2024
- Modified: Aug. 23, 2024
-
4.3
MEDIUM CVE-2024-43031
autMan v2.9.6 was discovered to contain an access control issue....
Affected Products :
- Published: Aug. 23, 2024
- Modified: Aug. 23, 2024
-
9.8
CRITICAL CVE-2024-20450
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying...
Affected Products : small_business_ip_phone_firmware spa_501g_firmware spa_502g_firmware spa_504g_firmware spa_508g_firmware spa_509g_firmware spa_512g_firmware spa_514g_firmware spa_525g_firmware spa_301_firmware +14 more products
- Published: Aug. 07, 2024
- Modified: Aug. 23, 2024
-
7.5
HIGH CVE-2024-20451
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpecte...
Affected Products : spa_501g_firmware spa_502g_firmware spa_504g_firmware spa_508g_firmware spa_509g_firmware spa_512g_firmware spa_514g_firmware spa_525g_firmware spa_301_firmware spa_303_firmware +12 more products
- Published: Aug. 07, 2024
- Modified: Aug. 23, 2024
-
9.8
CRITICAL CVE-2024-20454
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying...
Affected Products : spa_501g_firmware spa_502g_firmware spa_504g_firmware spa_508g_firmware spa_509g_firmware spa_512g_firmware spa_514g_firmware spa_525g_firmware spa_301_firmware spa_303_firmware +12 more products
- Published: Aug. 07, 2024
- Modified: Aug. 23, 2024
-
9.2
CRITICAL CVE-2024-21877
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication. This issue affects Envoy: f...
- Published: Aug. 12, 2024
- Modified: Aug. 23, 2024
-
9.3
CRITICAL CVE-2024-21876
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unauthenticated attacker to access or create arbitrary files. This issue affects Envo...
- Published: Aug. 12, 2024
- Modified: Aug. 23, 2024
-
9.8
CRITICAL CVE-2024-21878
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script. This issue affects Envoy: fr...
- Published: Aug. 12, 2024
- Modified: Aug. 23, 2024
-
8.8
HIGH CVE-2024-21879
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through a URL parameter of an authenticated endpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This issue affects Envoy: fr...
- Published: Aug. 12, 2024
- Modified: Aug. 23, 2024
-
8.6
HIGH CVE-2024-21880
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated endpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection. This issue affects Envoy: 4.x...
- Published: Aug. 12, 2024
- Modified: Aug. 23, 2024
-
9.8
CRITICAL CVE-2024-40453
squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName....
Affected Products : squirrelly
- Published: Aug. 21, 2024
- Modified: Aug. 23, 2024