Latest CVE Feed
-
7.7
CVSS 3.0
CVE-2024-45204
A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting syste...
- Affected Products: none listed
- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024
-
7.7
CVSS 3.0
CVE-2024-42457
A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credent...
- Affected Products: none listed
- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024
-
7.5
CVSS 3.1
CVE-2024-54000
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow...
- Affected Products: mobile_security_framework
- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
7.5
CVSS 3.1
CVE-2024-49420
Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity....
- Affected Products: none listed
- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
7.5
CVSS 3.1
CVE-2024-11391
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attack...
- Affected Products: advanced_file_manager
- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
7.5
CVSS 3.1
CVE-2024-10567
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attacker...
- Affected Products: none listed
- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024
-
7.5
CVSS 3.1
CVE-2024-11952
The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-lev...
- Affected Products: none listed
- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024
-
7.5
CVSS 3.1
CVE-2024-48080
An issue in aedes v0.51.2 allows attackers to cause a Denial of Service (DoS) via a crafted request....
- Affected Products: aedes
- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
7.5
CVSS 3.1
CVE-2024-37302
Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is ...
- Affected Products: none listed
- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
7.5
CVSS 3.1
CVE-2024-41777
IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data....
- Affected Products: cognos_controller
- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
7.5
CVSS 3.1
CVE-2024-12107
Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed Endpoint Identifier allows remote attacker to reliably cause DoS...
- Affected Products: none listed
- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024
-
7.5
CVSS 3.1
CVE-2024-50948
An issue in mochiMQTT v2.6.3 allows attackers to cause a Denial of Service (DoS) via a crafted request....
- Affected Products: none listed
- Published: Dec. 03, 2024
- Modified: Dec. 04, 2024
-
7.4
CVSS 3.0
CVE-2024-42453
A vulnerability in Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration...
- Affected Products: none listed
- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024
-
7.3
CVSS 3.1
CVE-2024-10952
The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not pr...
- Affected Products: none listed
- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024
-
7.3
CVSS 3.1
CVE-2024-12188
A vulnerability was found in 1000 Projects Library Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /brains/stu.php. The manipulation of the argument useri leads to SQL injecti...
- Affected Products: none listed
- Published: Dec. 05, 2024
- Modified: Dec. 05, 2024
-
7.3
CVSS 3.1
CVE-2024-12187
A vulnerability was found in 1000 Projects Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /showbook.php. The manipulation of the argument q leads to SQL injection. It is possible to launch th...
- Affected Products: none listed
- Published: Dec. 05, 2024
- Modified: Dec. 05, 2024
-
7.2
CVSS 3.1
CVE-2024-51771
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitr...
- Affected Products: clearpass_policy_manager
- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
7.2
CVSS 3.1
CVE-2024-52547
An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111....
- Affected Products: none listed
- Published: Dec. 03, 2024
- Modified: Dec. 03, 2024
-
7.1
CVSS 3.0
CVE-2024-42449
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine....
- Affected Products: none listed
- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024
-
7.1
CVSS 3.0
CVE-2024-42455
A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the s...
- Affected Products: none listed
- Published: Dec. 04, 2024
- Modified: Dec. 04, 2024