Latest CVE Feed
-
8.8
HIGHCVE-2024-10502
A vulnerability has been found in ESAFENET CDG 5 and classified as critical. This vulnerability affects the function getOneFileDirectory of the file /com/esafenet/servlet/fileManagement/FileDirectoryService.java. The manipulation of the argument directory... Read more
Affected Products : cdg- Published: Oct. 30, 2024
- Modified: Nov. 06, 2024
-
8.8
HIGHCVE-2024-10501
A vulnerability, which was classified as critical, was found in ESAFENET CDG 5. This affects the function findById of the file /com/esafenet/servlet/document/ExamCDGDocService.java. The manipulation of the argument id leads to sql injection. It is possibl... Read more
Affected Products : cdg- Published: Oct. 30, 2024
- Modified: Nov. 06, 2024
-
8.8
HIGHCVE-2024-10500
A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/policy/HookWhiteListService.java. The manipulation of the argument policyId leads t... Read more
Affected Products : cdg- Published: Oct. 30, 2024
- Modified: Nov. 05, 2024
-
10.0
CRITICALCVE-2024-51568
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.... Read more
Affected Products : cyberpanel- Published: Oct. 29, 2024
- Modified: Jul. 07, 2025
-
10.0
CRITICALCVE-2024-51567
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST ... Read more
Affected Products : cyberpanel- Actively Exploited
- Published: Oct. 29, 2024
- Modified: Apr. 03, 2025
-
10.0
CRITICALCVE-2024-51378
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which... Read more
Affected Products : cyberpanel- Actively Exploited
- Published: Oct. 29, 2024
- Modified: Jul. 30, 2025
-
5.4
MEDIUMCVE-2024-50348
InstantCMS is a free and open source content management system. In photo upload function in the photo album page there is no input validation taking place. Due to this attackers are able to inject the XSS (Cross Site Scripting) payload and execute. This v... Read more
Affected Products : instantcms- Published: Oct. 29, 2024
- Modified: Nov. 06, 2024
-
7.8
HIGHCVE-2024-9997
A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the conte... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +6 more products- Published: Oct. 29, 2024
- Modified: Apr. 04, 2025
-
7.8
HIGHCVE-2024-9996
A maliciously crafted DWG file, when parsed in acdb25.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +6 more products- Published: Oct. 29, 2024
- Modified: Feb. 10, 2025
-
7.8
HIGHCVE-2024-9827
A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGHCVE-2024-9826
A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGHCVE-2024-9489
A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +6 more products- Published: Oct. 29, 2024
- Modified: Nov. 01, 2024
-
7.8
HIGHCVE-2024-8896
A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code i... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +6 more products- Published: Oct. 29, 2024
- Modified: Nov. 01, 2024
-
7.8
HIGHCVE-2024-8600
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in th... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGHCVE-2024-8599
A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in th... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGHCVE-2024-8598
A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in th... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGHCVE-2024-8597
A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGHCVE-2024-8596
A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code i... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGHCVE-2024-8595
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the con... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGHCVE-2024-8594
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in th... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025