Latest CVE Feed
-
8.8
HIGHCVE-2024-37003
A maliciously crafted DWG and SLDPRT file, when parsed in opennurbs.dll and ODXSW_DLL.dll through Autodesk applications, can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, ... Read more
- Published: Jun. 25, 2024
- Modified: Aug. 27, 2025
-
7.8
HIGHCVE-2024-37002
A maliciously crafted MODEL file, when parsed in ASMkern229A.dllthrough Autodesk applications, can be used to uninitialized variables. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.... Read more
- Published: Jun. 25, 2024
- Modified: Aug. 27, 2025
-
8.8
HIGHCVE-2024-37001
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in t... Read more
- Published: Jun. 25, 2024
- Modified: Aug. 27, 2025
-
8.8
HIGHCVE-2024-37000
A maliciously crafted X_B file, when parsed in pskernel.DLL through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution i... Read more
- Published: Jun. 25, 2024
- Modified: Aug. 27, 2025
-
7.8
HIGHCVE-2024-36999
A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk applications, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the contex... Read more
- Published: Jun. 25, 2024
- Modified: Aug. 27, 2025
-
9.1
CRITICALCVE-2024-36248
API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].... Read more
Affected Products :- Published: Nov. 26, 2024
- Modified: Aug. 27, 2025
-
9.1
CRITICALCVE-2024-35244
There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected prod... Read more
Affected Products :- Published: Nov. 26, 2024
- Modified: Aug. 27, 2025
-
5.4
MEDIUMCVE-2024-34064
Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a sep... Read more
Affected Products : jinja- Published: May. 06, 2024
- Modified: Aug. 27, 2025
-
6.5
MEDIUMCVE-2024-33647
A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allowed pr... Read more
Affected Products : polarion_alm- Published: May. 14, 2024
- Modified: Aug. 27, 2025
-
9.8
CRITICALCVE-2024-33631
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. ... Read more
Affected Products :- Published: Apr. 29, 2024
- Modified: Aug. 27, 2025
-
4.3
MEDIUMCVE-2024-33542
Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5.... Read more
Affected Products : crelly_slider- Published: Apr. 29, 2024
- Modified: Aug. 27, 2025
-
5.4
MEDIUMCVE-2024-32085
Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a before 5.20.0.... Read more
Affected Products : citadela_listing- Published: Apr. 15, 2024
- Modified: Aug. 27, 2025
-
9.1
CRITICALCVE-2024-32025
Kohya_ss is a GUI for Kohya's Stable Diffusion trainers. Kohya_ss is vulnerable to a command injection in `group_images_gui.py`. This vulnerability is fixed in 23.1.5.... Read more
Affected Products :- Published: Apr. 16, 2024
- Modified: Aug. 27, 2025
-
6.4
MEDIUMCVE-2024-31914
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func... Read more
- Published: Jan. 06, 2025
- Modified: Aug. 27, 2025
- Vuln Type: Cross-Site Scripting
-
2.6
LOWCVE-2024-30252
Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the extension to send an authenticated GET request to an a... Read more
Affected Products :- Published: Apr. 04, 2024
- Modified: Aug. 27, 2025
-
7.7
HIGHCVE-2025-24206
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network ... Read more
- Published: Apr. 29, 2025
- Modified: Aug. 27, 2025
- Vuln Type: Authentication
-
8.8
HIGHCVE-2024-30220
Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port. Note that MZK-MF300N is no longer su... Read more
- Published: Apr. 15, 2024
- Modified: Aug. 27, 2025
-
5.5
MEDIUMCVE-2024-30039
Windows Remote Access Connection Manager Information Disclosure Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +9 more products- Published: May. 14, 2024
- Modified: Aug. 27, 2025
-
7.8
HIGH- Published: May. 14, 2024
- Modified: Aug. 27, 2025
-
7.8
HIGHCVE-2024-30025
Windows Common Log File System Driver Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +9 more products- Published: May. 14, 2024
- Modified: Aug. 27, 2025