Latest CVE Feed
- CVE-2023-29117 (CVSS 3.1: 8.8)
  Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system....
  - Affected Products:
  - Published: Nov. 05, 2024
  - Modified: Nov. 05, 2024
- CVE-2024-51023 (CVSS 3.1: 8.8)
  D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request....
  - Affected Products:
  - Published: Nov. 05, 2024
  - Modified: Nov. 05, 2024
- CVE-2024-48878 (CVSS 3.1: 8.8)
  Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in Archived Audit Report....
  - Affected Products: manageengine_admanager_plus
  - Published: Nov. 04, 2024
  - Modified: Nov. 05, 2024
- CVE-2024-50332 (CVSS 3.1: 8.8)
  SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value validation causes Blind SQL injection in DeleteRelationShip. This issue has been addressed in versions 7.14.6 and 8.7.1. Use...
  - Affected Products:
  - Published: Nov. 05, 2024
  - Modified: Nov. 05, 2024
- CVE-2023-34444 (CVSS 3.1: 8.8)
  Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.searchform.php, XSS is possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. The...
  - Affected Products:
  - Published: Nov. 05, 2024
  - Modified: Nov. 05, 2024
- CVE-2023-34445 (CVSS 3.1: 8.8)
  Combodo iTop is a simple, web based IT Service Management tool. When displaying pages/ajax.render.php, XSS is possible for scripts outside of script tags. This issue has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgrade. There a...
  - Affected Products:
  - Published: Nov. 05, 2024
  - Modified: Nov. 05, 2024
- CVE-2024-10711 (CVSS 3.1: 8.8)
  The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unau...
  - Affected Products:
  - Published: Nov. 05, 2024
  - Modified: Nov. 05, 2024
- CVE-2024-31448 (CVSS 3.1: 8.8)
  Combodo iTop is a simple, web based IT Service Management tool. By filling malicious code in a CSV content, a Cross-site Scripting (XSS) attack can be performed when importing this content. This issue has been fixed in versions 3.1.2 and 3.2.0. All users...
  - Affected Products:
  - Published: Nov. 05, 2024
  - Modified: Nov. 05, 2024
- CVE-2023-34443 (CVSS 3.1: 8.8)
  Combodo iTop is a simple, web based IT Service Management tool. When displaying the Run queries page, Cross-site Scripting (XSS) is possible for scripts outside of script tags. This has been fixed in versions 2.7.9, 3.0.4, 3.1.0. All users are advised to upgr...
  - Affected Products:
  - Published: Nov. 05, 2024
  - Modified: Nov. 05, 2024
- CVE-2024-49772 (CVSS 3.1: 8.8)
  SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows an authenticated user to perform a SQL injection attack. An authenticated user with low privilege can leak...
  - Affected Products:
  - Published: Nov. 05, 2024
  - Modified: Nov. 05, 2024
- CVE-2024-30616 (CVSS 3.1: 8.8)
  Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profile information, posing a significant risk to data integrity....
  - Affected Products:
  - Published: Nov. 04, 2024
  - Modified: Nov. 05, 2024
- CVE-2024-31998 (CVSS 3.1: 8.8)
  Combodo iTop is a simple, web based IT Service Management tool. A CSRF can be performed on CSV import simulation. This issue has been fixed in versions 3.1.2 and 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerabilit...
  - Affected Products:
  - Published: Nov. 05, 2024
  - Modified: Nov. 05, 2024
- CVE-2024-51408 (CVSS 3.1: 8.5)
  AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials....
  - Affected Products:
  - Published: Nov. 04, 2024
  - Modified: Nov. 05, 2024
- CVE-2024-51626 (CVSS 3.1: 8.5)
  Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection. This issue affects Woocommerce Quote Calculator: from n/a through 1.1....
  - Affected Products:
  - Published: Nov. 04, 2024
  - Modified: Nov. 04, 2024
- CVE-2024-47797 (CVSS 3.1: 8.4)
  In OpenHarmony v4.1.0 and prior versions, a local attacker can cause the common permission to be upgraded to root and sensitive information to leak through an out-of-bounds write....
  - Affected Products:
  - Published: Nov. 05, 2024
  - Modified: Nov. 05, 2024
- CVE-2024-47137 (CVSS 3.1: 8.4)
  In OpenHarmony v4.1.0 and prior versions, a local attacker can cause the common permission to be upgraded to root and sensitive information to leak through an out-of-bounds write....
  - Affected Products:
  - Published: Nov. 05, 2024
  - Modified: Nov. 05, 2024
- CVE-2024-47404 (CVSS 3.1: 8.4)
  In OpenHarmony v4.1.0 and prior versions, a local attacker can cause the common permission to be upgraded to root and sensitive information to leak through a double free....
  - Affected Products:
  - Published: Nov. 05, 2024
  - Modified: Nov. 05, 2024
- CVE-2024-48336 (CVSS 3.1: 8.4)
  The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app...
  - Affected Products:
  - Published: Nov. 04, 2024
  - Modified: Nov. 04, 2024
- CVE-2024-9459 (CVSS 3.1: 8.3)
  Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module....
  - Affected Products:
  - Published: Nov. 05, 2024
  - Modified: Nov. 05, 2024
- CVE-2024-38408 (CVSS 3.1: 8.2)
  Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions....
  - Affected Products:
  - Published: Nov. 04, 2024
  - Modified: Nov. 04, 2024