Latest CVE Feed
-
7.8
HIGHCVE-2024-8594
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in th... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGHCVE-2024-8593
A maliciously crafted CATPART file, when parsed in ASMKERN230A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary co... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGHCVE-2024-8592
A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code ... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep +3 more products- Published: Oct. 29, 2024
- Modified: Nov. 01, 2024
-
7.8
HIGHCVE-2024-8591
A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary ... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGHCVE-2024-8590
A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the contex... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGHCVE-2024-8589
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in t... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGHCVE-2024-8588
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in t... Read more
Affected Products : windows autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +3 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGHCVE-2024-7992
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +6 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
7.8
HIGHCVE-2024-7991
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute ... Read more
Affected Products : autocad advance_steel autocad_architecture autocad_civil_3d autocad_electrical autocad_lt autocad_map_3d autocad_mechanical autocad_mep autocad_plant_3d +6 more products- Published: Oct. 29, 2024
- Modified: Apr. 11, 2025
-
5.3
MEDIUMCVE-2024-50454
Missing Authorization vulnerability in The SEO Guys at SEOPress SEOPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEOPress: from n/a through 8.1.1.... Read more
Affected Products :- Published: Oct. 29, 2024
- Modified: Nov. 01, 2024
-
9.8
CRITICALCVE-2024-50428
Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through 1.7.21.... Read more
Affected Products : multi_step_form- Published: Oct. 29, 2024
- Modified: Nov. 01, 2024
-
6.5
MEDIUMCVE-2024-50425
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Veribo, Roland Murg WP Booking System.This issue affects WP Booking System: from n/a through 2.0.19.10.... Read more
Affected Products :- Published: Oct. 29, 2024
- Modified: Nov. 01, 2024
-
6.5
MEDIUMCVE-2024-50424
Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5.... Read more
Affected Products :- Published: Oct. 29, 2024
- Modified: Nov. 01, 2024
-
5.4
MEDIUMCVE-2024-50423
Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5.... Read more
Affected Products :- Published: Oct. 29, 2024
- Modified: Nov. 01, 2024
-
5.3
MEDIUMCVE-2024-50422
Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through 2.1.14.... Read more
Affected Products :- Published: Oct. 29, 2024
- Modified: Nov. 01, 2024
-
5.3
MEDIUMCVE-2024-50421
Missing Authorization vulnerability in WP Overnight WooCommerce PDF Invoices & Packing Slips allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce PDF Invoices & Packing Slips: from n/a through 3.8.6.... Read more
Affected Products : woocommerce_pdf_invoices\&_packing_slips- Published: Oct. 29, 2024
- Modified: Nov. 01, 2024
-
9.8
CRITICALCVE-2024-48573
A NoSQL injection vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature.... Read more
Affected Products : aquilacms- Published: Oct. 29, 2024
- Modified: Apr. 22, 2025
-
5.3
MEDIUMCVE-2024-48572
A User enumeration vulnerability in AquilaCMS 1.409.20 and prior allows unauthenticated attackers to obtain email addresses via the "Add a user" feature. The vulnerability occurs due to insufficiently validated user input being processed as a regular expr... Read more
Affected Products : aquilacms- Published: Oct. 29, 2024
- Modified: Apr. 22, 2025
-
9.8
CRITICALCVE-2024-48138
A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template.... Read more
Affected Products :- Published: Oct. 29, 2024
- Modified: Nov. 01, 2024
-
9.8
CRITICALCVE-2024-44081
In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format.... Read more
Affected Products : jitsi_meet- Published: Oct. 29, 2024
- Modified: Jul. 10, 2025