Latest CVE Feed
-
8.5
HIGHCVE-2024-10068
A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. An atta... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
5.3
MEDIUMCVE-2018-25104
A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payment Handler. The ... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
10.0
CRITICALCVE-2024-49291
Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0.... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
9.1
CRITICALCVE-2024-48920
PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensi... Read more
Affected Products :- Published: Oct. 17, 2024
- Modified: Oct. 18, 2024
-
6.5
MEDIUMCVE-2024-43609
Microsoft Office Spoofing Vulnerability... Read more
Affected Products : office 365_apps office_long_term_servicing_channel office_2016 office_2024 office_2021 office_2019- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
8.4
HIGHCVE-2024-43497
DeepSpeed Remote Code Execution Vulnerability... Read more
Affected Products : deepspeed- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
6.6
MEDIUM- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
7.8
HIGHCVE-2024-48911
OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unpri... Read more
Affected Products : opencanary- Published: Oct. 14, 2024
- Modified: Oct. 17, 2024
-
8.8
HIGHCVE-2024-9687
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for authentic... Read more
Affected Products : wp_2fa_with_telegram- Published: Oct. 15, 2024
- Modified: Oct. 17, 2024
-
4.3
MEDIUMCVE-2024-6757
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers,... Read more
Affected Products : website_builder- Published: Oct. 15, 2024
- Modified: Oct. 17, 2024
-
7.8
HIGHCVE-2024-43501
Windows Common Log File System Driver Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +10 more products- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
5.3
MEDIUMCVE-2024-30117
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.... Read more
Affected Products : bigfix_platform- Published: Oct. 14, 2024
- Modified: Oct. 17, 2024
-
5.5
MEDIUMCVE-2024-43500
Windows Resilient File System (ReFS) Information Disclosure Vulnerability... Read more
Affected Products : windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_server_23h2 windows_11_24h2- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
7.1
HIGH- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024
-
6.4
MEDIUMCVE-2024-9895
The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user ... Read more
Affected Products : smart_online_order_for_clover- Published: Oct. 15, 2024
- Modified: Oct. 17, 2024
-
6.1
MEDIUMCVE-2024-9944
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated atta... Read more
Affected Products : woocommerce- Published: Oct. 15, 2024
- Modified: Oct. 17, 2024
-
6.1
MEDIUMCVE-2024-21535
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.... Read more
Affected Products : markdown-to-jsx- Published: Oct. 15, 2024
- Modified: Oct. 17, 2024
-
8.8
HIGHCVE-2024-9971
The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents.... Read more
Affected Products : flowmaster_bpm_plus- Published: Oct. 15, 2024
- Modified: Oct. 17, 2024
-
8.8
HIGHCVE-2024-9970
The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie.... Read more
Affected Products : flowmaster_bpm_plus- Published: Oct. 15, 2024
- Modified: Oct. 17, 2024
-
7.8
HIGH- Published: Oct. 08, 2024
- Modified: Oct. 17, 2024