Latest CVE Feed
-
5.5
CVSS31CVE-2024-45072
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources.... Read more
Affected Products : websphere_application_server- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
5.5
CVSS31CVE-2024-45071
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credent... Read more
Affected Products : websphere_application_server- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
8.8
CVSS31CVE-2024-38814
An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A malicious authenticated user with non-administrator privileges may be able to enter specially crafted SQL queries and perform unauthorized remote code execut... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
6.1
CVSS31CVE-2024-20512
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
5.4
CVSS31CVE-2024-20463
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an affected device. This vulnerability is due to the H... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
5.5
CVSS31CVE-2024-20462
A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability i... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
6.0
CVSS31CVE-2024-20461
A vulnerability in the CLI of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, local attacker with high privileges to execute arbitrary commands as the root user. This vulnerability exists because CLI input is n... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
6.1
CVSS31CVE-2024-20460
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user. This vulnerability ... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
6.5
CVSS31CVE-2024-20459
A vulnerability in the web-based management interface of Cisco ATA 190 Multiplatform Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with high privileges to execute arbitrary commands as the root user on the underlyi... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
8.2
CVSS31CVE-2024-20458
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to view or delete the configuration or change the firmware on an affected device. This vulne... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
7.1
CVSS31CVE-2024-20421
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affec... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
5.4
CVSS31CVE-2024-20420
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect ... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
6.3
CVSS31CVE-2024-20280
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weak... Read more
Affected Products : unified_computing_system_central_software- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
5.4
CVSS31CVE-2024-10033
A vulnerability was found in aap-gateway. A Cross-site Scripting (XSS) vulnerability exists in the gateway component. This flaw allows a malicious user to perform actions that impact users by using the "?next=" in a URL, which can lead to redirecting, inj... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
0.0
NONECVE-2023-32266
Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to archive a malicious DLLs on the system prior to the installation. This issue affects Applic... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
6.5
CVSS31CVE-2024-49265
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Partnerships at Booking.Com Booking.Com Banner Creator allows Stored XSS.This issue affects Booking.Com Banner Creator: from n/a through 1.4.6.... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
4.3
CVSS31CVE-2024-29155
On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real o... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
0.0
NONECVE-2024-9348
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.... Read more
Affected Products : desktop- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
7.1
CVSS31CVE-2024-49268
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sunburntkamel disconnected allows Reflected XSS.This issue affects disconnected: from n/a through 1.3.0.... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024
-
6.5
CVSS31CVE-2024-49267
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in nayon46 Unlimited Addon For Elementor allows Stored XSS.This issue affects Unlimited Addon For Elementor: from n/a through 2.0.0.... Read more
Affected Products :- Published: Oct. 16, 2024
- Modified: Oct. 16, 2024