Latest CVE Feed
- CVE-2024-51771 (CVSS 3.1 score: 7.2)
  A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitr...
  Affected Products: clearpass_policy_manager
  - Published: Dec. 03, 2024
  - Modified: Dec. 03, 2024
- CVE-2024-42455 (CVSS 3.0 score: 7.1)
  A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the s...
  Affected Products:
  - Published: Dec. 04, 2024
  - Modified: Dec. 04, 2024
- CVE-2024-45205 (CVSS 3.0 score: 7.1)
  An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected ...
  Affected Products:
  - Published: Dec. 04, 2024
  - Modified: Dec. 04, 2024
- CVE-2024-42449 (CVSS 3.0 score: 7.1)
  From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine....
  Affected Products:
  - Published: Dec. 04, 2024
  - Modified: Dec. 04, 2024
- CVE-2024-49413 (CVSS 3.1 score: 7.1)
  Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications....
  Affected Products: android
  - Published: Dec. 03, 2024
  - Modified: Dec. 03, 2024
- CVE-2024-45717 (CVSS 3.1 score: 7.0)
  The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction....
  Affected Products: solarwinds_platform
  - Published: Dec. 04, 2024
  - Modified: Dec. 04, 2024
- CVE-2024-45207 (CVSS 3.0 score: 7.0)
  DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Vee...
  Affected Products:
  - Published: Dec. 04, 2024
  - Modified: Dec. 04, 2024
- CVE-2024-52548 (CVSS 3.1 score: 6.7)
  An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111....
  Affected Products:
  - Published: Dec. 03, 2024
  - Modified: Dec. 03, 2024
- CVE-2024-41776 (CVSS 3.1 score: 6.5)
  IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts....
  Affected Products: cognos_controller
  - Published: Dec. 03, 2024
  - Modified: Dec. 03, 2024
- CVE-2024-49418 (CVSS 3.1 score: 6.5)
  Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview....
  Affected Products:
  - Published: Dec. 03, 2024
  - Modified: Dec. 03, 2024
- CVE-2024-12196 (CVSS 3.1 score: 6.5)
  Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission....
  Affected Products:
  - Published: Dec. 04, 2024
  - Modified: Dec. 04, 2024
- CVE-2024-45206 (CVSS 3.0 score: 6.5)
  A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources....
  Affected Products:
  - Published: Dec. 04, 2024
  - Modified: Dec. 04, 2024
- CVE-2024-52545 (CVSS 3.1 score: 6.5)
  An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111....
  Affected Products:
  - Published: Dec. 03, 2024
  - Modified: Dec. 03, 2024
- CVE-2024-11732 (CVSS 3.1 score: 6.5)
  The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tab’ parameter in all versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
  Affected Products: bp_profile_shortcodes_extra
  - Published: Dec. 03, 2024
  - Modified: Dec. 03, 2024
- CVE-2024-53614 (CVSS 3.1 score: 6.5)
  A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges....
  Affected Products:
  - Published: Dec. 04, 2024
  - Modified: Dec. 04, 2024
- CVE-2024-12147 (CVSS 3.1 score: 6.5)
  A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument C...
  Affected Products:
  - Published: Dec. 04, 2024
  - Modified: Dec. 04, 2024
- CVE-2024-9058 (CVSS 3.1 score: 6.4)
  The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insuf...
  Affected Products:
  - Published: Dec. 03, 2024
  - Modified: Dec. 03, 2024
- CVE-2024-11782 (CVSS 3.1 score: 6.4)
  The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attribu...
  Affected Products:
  - Published: Dec. 03, 2024
  - Modified: Dec. 03, 2024
- CVE-2024-11854 (CVSS 3.1 score: 6.4)
  The Listdom – Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitizatio...
  Affected Products:
  - Published: Dec. 04, 2024
  - Modified: Dec. 04, 2024
- CVE-2024-10885 (CVSS 3.1 score: 6.4)
  The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user su...
  Affected Products:
  - Published: Dec. 04, 2024
  - Modified: Dec. 04, 2024