Latest CVE Feed
-
6.1
CVSS31CVE-2024-46326
Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function.... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
4.8
CVSS31CVE-2024-46240
Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within admin.php file.... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024
-
7.5
CVSS31CVE-2024-45518
An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitiza... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024
-
0.0
NONECVE-2024-10183
A vulnerability in Jamf Pro's Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems.... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024
-
5.3
CVSS31CVE-2024-40091
Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system.... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
4.3
CVSS31CVE-2024-40090
Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page.... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
9.1
CVSS31CVE-2024-40089
A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device.... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
9.6
CVSS31CVE-2024-40087
Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router.... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
9.6
CVSS31CVE-2024-40086
A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length.... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
9.6
CVSS31CVE-2024-40085
A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
9.6
CVSS31CVE-2024-40084
A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths.... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
9.6
CVSS31CVE-2024-40083
A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length ... Read more
Affected Products :- Published: Oct. 21, 2024
- Modified: Oct. 22, 2024
-
0.0
NONECVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source v... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024
-
0.0
NONECVE-2024-9129
In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024
-
7.8
CVSS31CVE-2024-9050
A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin f... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024
-
5.2
CVSS31CVE-2024-49211
Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024
-
5.2
CVSS31CVE-2024-49210
Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or Ja... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024
-
6.5
CVSS31CVE-2024-49209
Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and up... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024
-
5.9
CVSS31CVE-2024-49208
Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and delete... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024
-
4.1
CVSS31CVE-2024-49373
No Fuss Computing Centurion ERP is open source enterprise resource planning (ERP) software. Prior to version 1.2.1, an authenticated user can view projects within organizations they are not apart of. Version 1.2.1 fixes the problem.... Read more
Affected Products :- Published: Oct. 22, 2024
- Modified: Oct. 22, 2024