Latest CVE Feed
- CVE-2024-54661 (CVSS 3.1: 9.8)
  readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file....
  Affected Products: none listed
  Published: Dec. 04, 2024
  Modified: Dec. 04, 2024
- CVE-2024-52544 (CVSS 3.1: 9.8)
  An unauthenticated attacker can trigger a stack-based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111....
  Affected Products: none listed
  Published: Dec. 03, 2024
  Modified: Dec. 03, 2024
- CVE-2024-54221 (CVSS 3.1: 9.3)
  Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roninwp FAT Services Booking. This issue affects FAT Services Booking: from n/a through 5.6....
  Affected Products: none listed
  Published: Dec. 05, 2024
  Modified: Dec. 05, 2024
- CVE-2024-46624 (CVSS 3.1: 8.8)
  An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users....
  Affected Products: none listed
  Published: Dec. 03, 2024
  Modified: Dec. 04, 2024
- CVE-2024-42456 (CVSS 3.0: 8.8)
  A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specif...
  Affected Products: none listed
  Published: Dec. 04, 2024
  Modified: Dec. 04, 2024
- CVE-2024-51465 (CVSS 3.1: 8.8)
  IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request....
  Affected Products: none listed
  Published: Dec. 04, 2024
  Modified: Dec. 04, 2024
- CVE-2024-10587 (CVSS 3.1: 8.8)
  The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.4.1 via deserialization of untrusted input. This makes...
  Affected Products: none listed
  Published: Dec. 04, 2024
  Modified: Dec. 04, 2024
- CVE-2024-10074 (CVSS 3.1: 8.8)
  In OpenHarmony v4.1.1 and prior versions, a local attacker can cause the common permission to be upgraded to root through a use after free....
  Affected Products: openharmony
  Published: Dec. 03, 2024
  Modified: Dec. 03, 2024
- CVE-2024-12053 (CVSS 3.1: 8.8)
  Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)...
  Affected Products: chrome
  Published: Dec. 03, 2024
  Modified: Dec. 03, 2024
- CVE-2024-42452 (CVSS 3.0: 8.8)
  A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server w...
  Affected Products: none listed
  Published: Dec. 04, 2024
  Modified: Dec. 04, 2024
- CVE-2024-40717 (CVSS 3.0: 8.8)
  A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network sh...
  Affected Products: none listed
  Published: Dec. 04, 2024
  Modified: Dec. 04, 2024
- CVE-2024-11643 (CVSS 3.1: 8.8)
  The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and inc...
  Affected Products: none listed
  Published: Dec. 04, 2024
  Modified: Dec. 04, 2024
- CVE-2024-42422 (CVSS 3.1: 8.3)
  Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information disclosure....
  Affected Products: networker
  Published: Dec. 03, 2024
  Modified: Dec. 03, 2024
- CVE-2024-45106 (CVSS 3.1: 8.1)
  Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if: * ozone.s3g.secret.http.enabled is set to tr...
  Affected Products: ozone
  Published: Dec. 03, 2024
  Modified: Dec. 03, 2024
- CVE-2024-11293 (CVSS 3.1: 8.1)
  The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including...
  Affected Products: none listed
  Published: Dec. 04, 2024
  Modified: Dec. 04, 2024
- CVE-2024-49415 (CVSS 3.1: 8.1)
  Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code....
  Affected Products: android
  Published: Dec. 03, 2024
  Modified: Dec. 03, 2024
- CVE-2024-53999 (CVSS 3.1: 8.1)
  Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a m...
  Affected Products: mobile_security_framework
  Published: Dec. 03, 2024
  Modified: Dec. 03, 2024
- CVE-2024-11398 (CVSS 3.1: 8.1)
  Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vector...
  Affected Products: none listed
  Published: Dec. 04, 2024
  Modified: Dec. 04, 2024
- CVE-2024-54154 (CVSS 3.1: 8.0)
  In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox...
  Affected Products: none listed
  Published: Dec. 04, 2024
  Modified: Dec. 04, 2024
- CVE-2024-40691 (CVSS 3.1: 8.0)
  IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, ...
  Affected Products: cognos_controller
  Published: Dec. 03, 2024
  Modified: Dec. 03, 2024