Latest CVE Feed
-
0.0
NONE CVE-2024-46550
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.8
CVSS 3.1 CVE-2024-45858
An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a maliciously crafted XML file containing Python code, the code wil...
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
9.8
CVSS 3.1 CVE-2024-44542
SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter.
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1 CVE-2024-39590
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker c...
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1 CVE-2024-39589
Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker c...
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1 CVE-2024-36981
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a serie...
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1 CVE-2024-36980
An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can send a serie...
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
9.8
CVSS 3.1 CVE-2024-35515
Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
9.0
CVSS 3.1 CVE-2024-34026
A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker can ...
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1 CVE-2023-49203
Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response in a burst of traffic.
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1 CVE-2023-28457
An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses within 1 second, which is impactful.
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1 CVE-2023-28456
An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification attacks (3 times more than other "golden model" software like BIND) and cause potential DoS.
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1 CVE-2023-28455
An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to create a query loop using Technitium resolvers, launching amplification attacks and causing potential DoS.
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
0.0
NONE CVE-2023-28452
An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge ...
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.5
CVSS 3.1 CVE-2023-28451
An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of service) for normal resolution. The effects of an exploit wo...
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
8.3
CVSS 3.1 CVE-2022-25776
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing. Users could potentially access sensitive data such as names and surnames, company names and stage names.
Affected Products : mautic
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
6.6
CVSS 3.1 CVE-2022-25775
Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manip...
Affected Products : mautic
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
4.8
CVSS 3.1 CVE-2022-25774
Prior to the patched version, logged in users of Mautic are vulnerable to a self XSS vulnerability in the notifications within Mautic. Users could inject malicious code into the notification when saving Dashboards.
Affected Products : mautic
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
7.2
CVSS 3.1 CVE-2022-25769
Impact: The default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, no...
Affected Products : mautic
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024
-
5.3
CVSS 3.1 CVE-2024-8891
An attacker with no knowledge of the current users in the web application could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4.
Affected Products :
- Published: Sep. 18, 2024
- Modified: Sep. 18, 2024