Latest CVE Feed
-
9.2
CRITICALCVE-2024-21877
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication.This issue affects Envoy: f... Read more
- Published: Aug. 12, 2024
- Modified: Aug. 23, 2024
-
9.3
CRITICALCVE-2024-21876
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to access or create arbitratry files.This issue affects Envo... Read more
- Published: Aug. 12, 2024
- Modified: Aug. 23, 2024
-
9.8
CRITICALCVE-2024-21878
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script.This issue affects Envoy: fr... Read more
- Published: Aug. 12, 2024
- Modified: Aug. 23, 2024
-
8.8
HIGHCVE-2024-21879
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.This issue affects Envoy: fr... Read more
- Published: Aug. 12, 2024
- Modified: Aug. 23, 2024
-
8.6
HIGHCVE-2024-21880
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection.This issue affects Envoy: 4.x... Read more
- Published: Aug. 12, 2024
- Modified: Aug. 23, 2024
-
9.8
CRITICALCVE-2024-40453
squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.... Read more
Affected Products : squirrelly- Published: Aug. 21, 2024
- Modified: Aug. 23, 2024
-
6.8
MEDIUMCVE-2024-41675
CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential XSS vector. Sites running CKAN >= 2.7.0 with the datata... Read more
Affected Products : ckan- Published: Aug. 21, 2024
- Modified: Aug. 23, 2024
-
5.3
MEDIUMCVE-2024-41674
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) could be leaked to package_search calls as part of the r... Read more
Affected Products : ckan- Published: Aug. 21, 2024
- Modified: Aug. 23, 2024
-
8.2
HIGHCVE-2020-11847
SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.... Read more
Affected Products : netiq_privileged_access_manager- Published: Aug. 21, 2024
- Modified: Aug. 23, 2024
-
8.7
HIGHCVE-2020-11846
A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3... Read more
Affected Products : netiq_privileged_access_manager- Published: Aug. 21, 2024
- Modified: Aug. 23, 2024
-
7.3
HIGHCVE-2020-11850
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6... Read more
Affected Products : netiq_self_service_password_reset- Published: Aug. 21, 2024
- Modified: Aug. 23, 2024
-
7.5
HIGHCVE-2024-6329
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the pat... Read more
Affected Products : gitlab- Published: Aug. 08, 2024
- Modified: Aug. 23, 2024
-
5.4
MEDIUMCVE-2024-4784
An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy.... Read more
Affected Products : gitlab- Published: Aug. 08, 2024
- Modified: Aug. 23, 2024
-
7.5
HIGHCVE-2024-28972
Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure.... Read more
Affected Products : insightiq- Published: Aug. 01, 2024
- Modified: Aug. 23, 2024
-
7.8
HIGHCVE-2024-37008
A maliciously crafted DWG file, when parsed in Revit, can force a stack-based buffer overflow. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.... Read more
- Published: Aug. 21, 2024
- Modified: Aug. 23, 2024
-
7.8
HIGHCVE-2023-22576
Dell Repository Manager version 3.4.2 and earlier, contain a Local Privilege Escalation Vulnerability in Installation module. A local low privileged attacker may potentially exploit this vulnerability leading to the execution of arbitrary executable on th... Read more
Affected Products : repository_manager- Published: Aug. 21, 2024
- Modified: Aug. 23, 2024
-
6.5
MEDIUMCVE-2024-4210
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc... Read more
Affected Products : gitlab- Published: Aug. 08, 2024
- Modified: Aug. 23, 2024
-
8.0
HIGHCVE-2024-7448
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Magnet Forensics AXIOM. User interaction is required to exploit this ... Read more
Affected Products : axiom- Published: Aug. 21, 2024
- Modified: Aug. 23, 2024
-
7.8
HIGHCVE-2024-6141
Windscribe Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on ... Read more
Affected Products : windscribe- Published: Aug. 21, 2024
- Modified: Aug. 23, 2024
-
7.8
HIGHCVE-2024-5930
VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the abil... Read more
Affected Products : advanced_security- Published: Aug. 21, 2024
- Modified: Aug. 23, 2024