Latest CVE Feed
-
8.7
HIGHCVE-2024-39778
When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +11 more products- Published: Aug. 14, 2024
- Modified: Aug. 19, 2024
-
8.7
HIGHCVE-2024-39792
When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.... Read more
Affected Products : nginx_plus- Published: Aug. 14, 2024
- Modified: Aug. 19, 2024
-
8.9
HIGHCVE-2024-39809
The Central Manager user session refresh token does not expire when a user logs out. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated... Read more
Affected Products : big-ip_next_central_manager- Published: Aug. 14, 2024
- Modified: Aug. 19, 2024
-
7.5
HIGHCVE-2024-39949
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
7.5
HIGHCVE-2024-39948
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
6.5
MEDIUMCVE-2024-39947
A vulnerability has been found in Dahua products.After obtaining the ordinary user's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing the device to crash.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
7.8
HIGHCVE-2024-39389
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th... Read more
- Published: Aug. 14, 2024
- Modified: Aug. 19, 2024
-
7.2
HIGHCVE-2024-39946
A vulnerability has been found in Dahua products.After obtaining the administrator's username and password, the attacker can send a carefully crafted data packet to the interface with vulnerabilities, causing device initialization.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
6.9
MEDIUMCVE-2024-7912
A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory list... Read more
Affected Products : online_railway_reservation_system- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
9.8
CRITICALCVE-2024-39950
A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities to initiate device initialization.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
9.8
CRITICALCVE-2024-7913
A vulnerability was found in itsourcecode Billing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addclient1.php. The manipulation of the argument lname/fname/mi/address/contact/meterReader leads to sql i... Read more
Affected Products : billing_system- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
5.4
MEDIUMCVE-2024-7914
A vulnerability classified as problematic has been found in SourceCodester Yoga Class Registration System 1.0. Affected is an unknown function of the file /php-ycrs/classes/SystemSettings.php. The manipulation of the argument address leads to cross site s... Read more
- Published: Aug. 18, 2024
- Modified: Aug. 19, 2024
-
7.5
HIGHCVE-2024-39944
A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash.... Read more
- Published: Jul. 31, 2024
- Modified: Aug. 19, 2024
-
9.0
HIGHCVE-2024-7832
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 ... Read more
Affected Products : dns-320_firmware dnr-322l_firmware dns-320l_firmware dns-320l dns-120_firmware dns-120 dnr-202l_firmware dnr-202l dns-315l_firmware dns-315l +30 more products- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
9.8
CRITICALCVE-2024-7833
A vulnerability was found in D-Link DI-8100 16.07. It has been classified as critical. This affects the function upgrade_filter_asp of the file upgrade_filter.asp. The manipulation of the argument path leads to command injection. It is possible to initiat... Read more
- Published: Aug. 15, 2024
- Modified: Aug. 19, 2024
-
6.1
MEDIUMCVE-2023-4507
The Admission AppManager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthentica... Read more
Affected Products :- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
7.8
HIGHCVE-2024-2175
An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges.... Read more
Affected Products :- Published: Aug. 16, 2024
- Modified: Aug. 19, 2024
-
5.3
MEDIUMCVE-2023-4730
The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attack... Read more
Affected Products : ladipage- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
6.1
MEDIUMCVE-2023-4604
The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for... Read more
Affected Products : 2j_slideshow- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024
-
4.7
MEDIUMCVE-2023-1604
The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configuration_page function. This makes it possible for unauthenticated att... Read more
Affected Products : short_url- Published: Aug. 17, 2024
- Modified: Aug. 19, 2024