Latest CVE Feed
-
7.2
HIGHCVE-2023-51640
Allegra extarctZippedFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability... Read more
Affected Products : allegra- Published: Nov. 22, 2024
- Modified: Jan. 03, 2025
-
9.8
CRITICALCVE-2023-51639
Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. ... Read more
Affected Products : allegra- Published: Nov. 22, 2024
- Modified: Jan. 03, 2025
-
9.8
CRITICALCVE-2023-51638
Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw... Read more
Affected Products : allegra- Published: Nov. 22, 2024
- Modified: Jan. 03, 2025
-
8.8
HIGHCVE-2023-51635
NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to ex... Read more
- Published: Nov. 22, 2024
- Modified: Jan. 03, 2025
-
7.5
HIGHCVE-2023-51634
NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authenticati... Read more
- Published: Nov. 22, 2024
- Modified: Jan. 03, 2025
-
7.2
HIGHCVE-2023-39470
PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vu... Read more
Affected Products : papercut_ng- Published: Nov. 22, 2024
- Modified: Jan. 09, 2025
-
5.5
MEDIUMCVE-2024-52998
Substance3D - Stager versions 3.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this i... Read more
- Published: Nov. 22, 2024
- Modified: Dec. 03, 2024
-
7.5
HIGHCVE-2024-52726
CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information... Read more
Affected Products : crmeb- Published: Nov. 22, 2024
- Modified: Jul. 07, 2025
-
7.5
HIGHCVE-2024-11618
A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The ... Read more
Affected Products :- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
6.8
MEDIUMCVE-2024-50657
An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method... Read more
Affected Products :- Published: Nov. 22, 2024
- Modified: Nov. 27, 2024
-
5.4
MEDIUMCVE-2024-37783
A reflected cross-site scripting (XSS) vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx.... Read more
Affected Products :- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
9.8
CRITICALCVE-2024-37782
An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field.... Read more
Affected Products : centrestack- Published: Nov. 22, 2024
- Modified: Nov. 27, 2024
-
9.8
CRITICALCVE-2024-53438
EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing ... Read more
Affected Products : churchcrm- Published: Nov. 22, 2024
- Modified: Mar. 28, 2025
-
7.5
HIGHCVE-2024-44786
Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors.... Read more
Affected Products :- Published: Nov. 22, 2024
- Modified: Mar. 13, 2025
-
8.1
HIGHCVE-2024-10220
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.... Read more
Affected Products : kubernetes- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
2.8
LOWCVE-2024-52814
Argo Helm is a collection of community maintained charts for `argoproj.github.io` projects. Prior to version 0.45.0, the `workflow-role`) lacks granularity in its privileges, giving permissions to `workflowtasksets` and `workflowartifactgctasks` to all wo... Read more
Affected Products :- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
7.5
HIGHCVE-2024-52804
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted... Read more
Affected Products : tornado- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
7.5
HIGHCVE-2024-52802
RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processin... Read more
Affected Products : riot- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
5.1
MEDIUMCVE-2024-52793
The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, `http/file-server`'s `serveDir` with `showDirListing: true` option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the s... Read more
Affected Products :- Published: Nov. 22, 2024
- Modified: Nov. 22, 2024
-
9.8
CRITICALCVE-2024-52723
In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.... Read more
- Published: Nov. 22, 2024
- Modified: Mar. 13, 2025