Latest CVE Feed
-
7.3
CVSS31CVE-2024-45801
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possibl... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
7.3
CVSS31CVE-2024-45799
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browse... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
5.4
CVSS31CVE-2024-39910
decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The WYSWYG editor QuillJS is subject to potential XSS attach in case the attacker manages to modify the HTML before being upload... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
6.8
CVSS31CVE-2024-32034
decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attach in case an admin assigns a valuator to a proposal, or ... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
0.0
NONECVE-2024-8661
Concrete CMS versions 9.0.0 to 9.3.4 and below 8.5.18 are vulnerable to Stored XSS in the "Next&Previous Nav" block. A rogue administrator could add a malicious payload by executing it in the browsers of targeted users. The Concrete CMS Security Team gav... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
0.0
NONECVE-2023-45854
A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
4.7
CVSS31CVE-2024-32666
NULL pointer dereference in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable denial of service via local access.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
7.5
CVSS31CVE-2024-21829
Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
7.9
CVSS31CVE-2024-23599
Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privileged user to potentially enable denial of service via local access.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
2.5
CVSS31CVE-2023-25546
Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
5.3
CVSS31CVE-2024-24968
Improper finite state machines (FSMs) in hardware logic in some Intel(R) Processors may allow an privileged user to potentially enable a denial of service via local access.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
3.3
CVSS31CVE-2024-28170
Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to potentially enable information disclosure via local access.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
6.5
CVSS31CVE-2024-33848
Uncaught exception in Intel(R) RAID Web Console software all versions may allow an authenticated user to potentially enable denial of service via local access.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
6.7
CVSS31CVE-2024-34153
Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
8.2
CVSS31CVE-2023-42772
Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
5.3
CVSS31CVE-2024-23984
Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
7.5
CVSS31CVE-2023-41833
A race condition in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
6.1
CVSS31CVE-2023-23904
NULL pointer dereference in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
7.2
CVSS31CVE-2024-21781
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024
-
6.1
CVSS31CVE-2023-22351
Out-of-bounds write in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.... Read more
Affected Products :- Published: Sep. 16, 2024
- Modified: Sep. 16, 2024