Latest CVE Feed
-
4.3
CVSS31CVE-2024-45767
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnera... Read more
Affected Products : openmanage_enterprise- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
8.0
CVSS31CVE-2024-45766
Dell OpenManage Enterprise, version(s) OME 4.1 and prior, contain(s) an Improper Control of Generation of Code ('Code Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code exe... Read more
Affected Products : openmanage_enterprise- Published: Oct. 17, 2024
- Modified: Oct. 17, 2024
-
7.8
CVSS31CVE-2024-7994
A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Stack-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current p... Read more
Affected Products : revit- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
7.8
CVSS31CVE-2024-7993
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process... Read more
Affected Products : revit- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
0.0
NONECVE-2024-48918
RDS Light is a simplified version of the Reflective Dialogue System (RDS), a self-reflecting AI framework. Versions prior to 1.1.0 contain a vulnerability that involves a lack of input validation within the RDS AI framework, specifically within the user i... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
0.0
NONECVE-2024-47889
Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the block_format helper in Action Mailer. Carefully crafted... Read more
Affected Products : rails- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
0.0
NONECVE-2024-47888
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node helper` in Action Text. Caref... Read more
Affected Products : rails- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
0.0
NONECVE-2024-47887
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. For a... Read more
Affected Products : rails- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
6.1
CVSS31CVE-2024-46605
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.... Read more
Affected Products : piwigo- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
3.5
CVSS31CVE-2024-47836
Admidio is an open-source user management solution. Prior to version 4.3.12, an unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Version 4.3.12 fixes this issue.... Read more
Affected Products : admidio- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
7.5
CVSS31CVE-2024-47522
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/logging is enabled can lead to Suricata aborting with a panic.... Read more
Affected Products : suricata- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
7.5
CVSS31CVE-2024-47188
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table ... Read more
Affected Products : suricata- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
7.5
CVSS31CVE-2024-47187
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. T... Read more
Affected Products : suricata- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
7.5
CVSS31CVE-2024-45797
LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Prior to version 0.5.49, unbounded processing of HTTP request and response headers can lead to excessive CPU time and memory utilization, possibly leading to extreme ... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
5.3
CVSS31CVE-2024-45796
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, a logic error during fragment reassembly can lead to failed reassembly for valid traffic. An attacker could craft... Read more
Affected Products : suricata- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
7.5
CVSS31CVE-2024-45795
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, rules using datasets with the non-functional / unimplemented "unset" option can trigger an assertion during traff... Read more
Affected Products : suricata- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
6.1
CVSS31CVE-2024-48744
A Reflected Cross Site Scripting (XSS) vulnerability was found in /trms/listed- teachers.php in PHPGurukul Teachers Record Management System v2.1, which allows remote attackers to execute arbitrary code via "searchinput" POST request parameter.... Read more
Affected Products : teachers_record_management_system- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
0.0
NONECVE-2024-41128
Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dis... Read more
Affected Products : rails- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
0.0
NONECVE-2024-9143
Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even ... Read more
Affected Products : openssl- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
0.0
NONECVE-2024-4692
Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization confi... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024