Latest CVE Feed
-
8.9
HIGHCVE-2024-39809
The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated... Read more
Affected Products : big-ip_next_central_manager- Published: Aug. 14, 2024
- Modified: Aug. 19, 2024
-
7.5
HIGHCVE-2024-39949
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
7.5
HIGHCVE-2024-39948
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-39947
A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
7.8
HIGHCVE-2024-39389
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th... Read more
- Published: Aug. 14, 2024
- Modified: Aug. 19, 2024
-
7.2
HIGHCVE-2024-39946
A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
6.9
MEDIUMCVE-2024-7912
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory list... Read more
Affected Products : online_railway_reservation_system- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
9.8
CRITICALCVE-2024-39950
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
9.8
CRITICALCVE-2024-7913
A vulnerability was found in itsourcecode Billing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addclient1.php. The manipulation of the argument lname/fname/mi/address/contact/meterReader leads to sql i... Read more
Affected Products : billing_system- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
5.4
MEDIUMCVE-2024-7914
A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the argument address leads to cross site s... Read more
- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
7.5
HIGHCVE-2024-39944
A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
9.0
HIGHCVE-2024-7832
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 ... Read more
Affected Products : dns-320_firmware dnr-322l_firmware dns-320l_firmware dns-320l dns-120_firmware dns-120 dnr-202l_firmware dnr-202l dns-315l_firmware dns-315l +30 more products- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
9.8
CRITICALCVE-2024-7833
A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgrade_filter_asp of the file upgrade_filter.asp. The manipulation of the argument path leads to command injection. It is possible to initiat... Read more
- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-42475
In the OAuth library for nim prior to version 0.11, the `state` values generated by the `generateState` function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the us... Read more
Affected Products :- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-42476
In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the `state` parameter to prevent cross-site request forgery (CSRF) attacks where a resource owner might have their session associated with pro... Read more
Affected Products :- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
8.6
HIGHCVE-2024-43357
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as... Read more
Affected Products :- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
7.5
HIGHCVE-2024-43367
Boa is an embeddable and experimental Javascript engine written in Rust. Starting in version 0.16 and prior to version 0.19.0, a wrong assumption made when handling ECMAScript's `AsyncGenerator` operations can cause an uncaught exception on certain script... Read more
Affected Products :- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
8.5
HIGHCVE-2024-6456
AVEVA Historian Server has a vulnerability, if exploited, could allow a malicious SQL command to execute under the privileges of an interactive Historian REST Interface user who had been socially engineered by a miscreant into opening a specially crafted ... Read more
Affected Products : historian- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
7.2
HIGHCVE-2024-43369
Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists `javascript:` and `vbscript:` in links to pr... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
7.8
HIGHCVE-2024-43378
calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users who installed NixOS through the graphical installer who used manual disk partitioning to create a setup where the system was booted via legacy... Read more
Affected Products : calamares-nixos-extensions- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024