Latest CVE Feed
-
8.8
HIGHCVE-2024-50930
An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code.... Read more
- Published: Dec. 10, 2024
- Modified: Jul. 01, 2025
-
6.2
MEDIUMCVE-2024-50929
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS).... Read more
- Published: Dec. 10, 2024
- Modified: Jul. 01, 2025
-
6.5
MEDIUMCVE-2024-50928
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's communications with the controller.... Read more
- Published: Dec. 10, 2024
- Modified: Jul. 01, 2025
-
6.5
MEDIUMCVE-2024-50924
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause disrupt communications between the controller and the device itself via repeatedly sending crafted packets to the controller.... Read more
- Published: Dec. 10, 2024
- Modified: Jul. 01, 2025
-
6.5
MEDIUMCVE-2024-50921
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeatedly sending crafted packets to the controller.... Read more
- Published: Dec. 10, 2024
- Modified: Jul. 01, 2025
-
8.8
HIGHCVE-2024-50920
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets.... Read more
- Published: Dec. 10, 2024
- Modified: Jul. 01, 2025
-
8.0
HIGHCVE-2024-50699
TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account.... Read more
- Published: Dec. 10, 2024
- Modified: Jul. 02, 2025
-
9.8
CRITICALCVE-2024-46442
An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack.... Read more
Affected Products :- Published: Dec. 10, 2024
- Modified: Dec. 11, 2024
-
9.1
CRITICALCVE-2024-11773
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.... Read more
Affected Products : cloud_services_appliance- Published: Dec. 10, 2024
- Modified: Jan. 17, 2025
-
9.1
CRITICALCVE-2024-11772
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more
Affected Products : cloud_services_appliance- Published: Dec. 10, 2024
- Modified: Jan. 17, 2025
-
10.0
CRITICALCVE-2024-11639
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access... Read more
Affected Products : cloud_services_appliance- Published: Dec. 10, 2024
- Modified: Jan. 17, 2025
-
9.1
CRITICALCVE-2024-11634
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx)... Read more
- Published: Dec. 10, 2024
- Modified: Jan. 17, 2025
-
9.1
CRITICALCVE-2024-11633
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution... Read more
Affected Products : connect_secure- Published: Dec. 10, 2024
- Modified: Jan. 17, 2025
-
7.1
HIGHCVE-2024-10256
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files.... Read more
- Published: Dec. 10, 2024
- Modified: Aug. 12, 2025
-
5.8
MEDIUMCVE-2024-53866
The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don... Read more
Affected Products : pnpm- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
-
8.8
HIGHCVE-2024-53247
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remo... Read more
- Published: Dec. 10, 2024
- Modified: Jan. 02, 2025
-
7.5
HIGHCVE-2024-53246
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the ... Read more
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
-
4.3
MEDIUMCVE-2024-53245
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles, that has a username with the same name as a role with read acc... Read more
- Published: Dec. 10, 2024
- Modified: Mar. 06, 2025
-
5.7
MEDIUMCVE-2024-53244
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a... Read more
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024
-
4.3
MEDIUMCVE-2024-53243
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see ale... Read more
- Published: Dec. 10, 2024
- Modified: Dec. 10, 2024