High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info | Patch Info |
---|---|---|---|---|---|
acnoo — flutter_api |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through 1.0.5. | 2024-10-28 | 9.8 | CVE-2024-50486 | [email protected] |
adirectory–aDirectory |
Unrestricted Upload of File with Dangerous Type vulnerability in adirectory aDirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from n/a through 1.3. | 2024-10-29 | 10 | CVE-2024-50420 | [email protected] |
Ajar Productions–Ajar in5 Embed |
Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server.This issue affects Ajar in5 Embed: from n/a through 3.1.3. | 2024-10-29 | 10 | CVE-2024-50473 | [email protected] |
Amin Omer–Sudan Payment Gateway for WooCommerce |
Unrestricted Upload of File with Dangerous Type vulnerability in Amin Omer Sudan Payment Gateway for WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Sudan Payment Gateway for WooCommerce: from n/a through 1.2.2. | 2024-10-29 | 10 | CVE-2024-50494 | [email protected] |
amu02aftab–Enable Shortcodes inside Widgets,Comments and Experts |
The The Enable Shortcodes inside Widgets,Comments and Experts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-10-30 | 7.3 | CVE-2024-9846 | [email protected] [email protected] [email protected] |
Andy Moyle–Church Admin |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Andy Moyle Church Admin allows Reflected XSS.This issue affects Church Admin: from n/a before 5.0.0. | 2024-10-28 | 7.1 | CVE-2024-50438 | [email protected] |
Apache Software Foundation–Apache Lucene.Net.Replicator |
Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET’s Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access. Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue. | 2024-10-31 | 8 | CVE-2024-43383 | [email protected] |
apple — ipados |
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox. | 2024-10-28 | 9.6 | CVE-2024-40867 | [email protected] |
apple — ipados |
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 and iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to heap corruption. | 2024-10-28 | 7.8 | CVE-2024-44126 | [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ipados |
This issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. Processing a maliciously crafted file may lead to heap corruption. | 2024-10-28 | 7.8 | CVE-2024-44218 | [email protected] [email protected] [email protected] |
apple — ipados |
A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files. | 2024-10-28 | 7.1 | CVE-2024-44252 | [email protected] [email protected] [email protected] [email protected] |
apple — ipados |
A path handling issue was addressed with improved logic. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1, tvOS 18.1. A malicious app may be able to run arbitrary shortcuts without user consent. | 2024-10-28 | 7.8 | CVE-2024-44255 | [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] |
apple — ipados |
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted backup file may lead to modification of protected system files. | 2024-10-28 | 7.1 | CVE-2024-44258 | [email protected] [email protected] [email protected] [email protected] |
apple — ipados |
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory. | 2024-10-28 | 7.8 | CVE-2024-44285 | [email protected] [email protected] [email protected] [email protected] |
apple — macos |
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1. An application may be able to break out of its sandbox. | 2024-10-28 | 8.8 | CVE-2024-44122 | [email protected] [email protected] [email protected] |
apple — macos |
A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. A sandboxed process may be able to circumvent sandbox restrictions. | 2024-10-28 | 8.6 | CVE-2024-44270 | [email protected] [email protected] |
apple — macos |
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences. | 2024-10-28 | 7.1 | CVE-2024-44156 | [email protected] [email protected] |
apple — macos |
A path deletion vulnerability was addressed by preventing vulnerable code from running with privileges. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to bypass Privacy preferences. | 2024-10-28 | 7.1 | CVE-2024-44159 | [email protected] [email protected] |
apple — macos |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access a user’s Photos Library. | 2024-10-28 | 7.5 | CVE-2024-44203 | [email protected] |
apple — macos |
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15. An app may be able to bypass certain Privacy preferences. | 2024-10-28 | 7.5 | CVE-2024-44208 | [email protected] |
apple — macos |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to read sensitive location information. | 2024-10-28 | 7.5 | CVE-2024-44289 | [email protected] [email protected] |
apple — xcode |
This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data. | 2024-10-28 | 7.5 | CVE-2024-44228 | [email protected] |
Apple–iOS and iPadOS |
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in iOS 18 and iPadOS 18. Password autofill may fill in passwords after failing authentication. | 2024-10-28 | 9.1 | CVE-2024-44217 | [email protected] |
Apple–macOS |
The issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to break out of its sandbox. | 2024-10-28 | 9.3 | CVE-2024-44256 | [email protected] [email protected] |
Apple–macOS |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system. | 2024-10-28 | 7.5 | CVE-2024-44196 | [email protected] [email protected] |
Apple–macOS |
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system. | 2024-10-28 | 7.7 | CVE-2024-44280 | [email protected] [email protected] |
Apple–macOS |
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to modify protected parts of the file system. | 2024-10-28 | 7.7 | CVE-2024-44295 | [email protected] [email protected] |
Apple–visionOS |
This issue was addressed through improved state management. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, Safari 18.1. An attacker may be able to misuse a trust relationship to download malicious content. | 2024-10-28 | 8.8 | CVE-2024-44259 | [email protected] [email protected] [email protected] [email protected] [email protected] |
Apple–visionOS |
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, visionOS 2.1, tvOS 18.1. An app may be able to cause unexpected system termination or corrupt kernel memory. | 2024-10-28 | 7.7 | CVE-2024-44277 | [email protected] [email protected] [email protected] |
autodesk — autocad |
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-7991 | [email protected] |
autodesk — autocad |
A maliciously crafted DWG file, when parsed through Autodesk AutoCAD and certain AutoCAD-based products, can force a Stack-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-7992 | [email protected] |
autodesk — autocad |
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-8588 | [email protected] |
autodesk — autocad |
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-8589 | [email protected] |
autodesk — autocad |
A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-8590 | [email protected] |
autodesk — autocad |
A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-8591 | [email protected] |
autodesk — autocad |
A maliciously crafted CATPART file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-8592 | [email protected] |
autodesk — autocad |
A maliciously crafted CATPART file when parsed in ASMKERN230A.dll through Autodesk AutoCAD can force a Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-8593 | [email protected] |
autodesk — autocad |
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-8594 | [email protected] |
autodesk — autocad |
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-8595 | [email protected] |
autodesk — autocad |
A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force an Out-of-Bound Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-8596 | [email protected] |
autodesk — autocad |
A maliciously crafted STP file when parsed in ASMDATAX230A.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-8597 | [email protected] |
autodesk — autocad |
A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-8598 | [email protected] |
autodesk — autocad |
A maliciously crafted STP file when parsed in ACTranslators.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-8599 | [email protected] |
autodesk — autocad |
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-8600 | [email protected] |
autodesk — autocad |
A maliciously crafted DXF file when parsed in acdb25.dll through Autodesk AutoCAD can force to access a variable prior to initialization. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-8896 | [email protected] |
autodesk — autocad |
A maliciously crafted DWG file when parsed in ACAD.exe through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-9489 | [email protected] |
autodesk — autocad |
A maliciously crafted 3DM file when parsed in atf_api.dll through Autodesk AutoCAD can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-9826 | [email protected] |
autodesk — autocad |
A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-9827 | [email protected] |
autodesk — autocad |
A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-9996 | [email protected] |
autodesk — autocad |
A maliciously crafted DWG file when parsed in acdb25.dll through Autodesk AutoCAD can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-9997 | [email protected] |
Autodesk–AutoCAD |
A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process. | 2024-10-29 | 7.8 | CVE-2024-8587 | [email protected] |
Automattic–Newspack Blocks |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Automattic Newspack Blocks allows Path Traversal.This issue affects Newspack Blocks: from n/a through 3.0.8. | 2024-11-01 | 8.5 | CVE-2024-37423 | [email protected] |
Azexo–Marketing Automation by AZEXO |
Incorrect Privilege Assignment vulnerability in Azexo Marketing Automation by AZEXO allows Privilege Escalation.This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80. | 2024-10-30 | 8.8 | CVE-2024-50506 | [email protected] |
azexo–Marketing Automation by AZEXO |
Unrestricted Upload of File with Dangerous Type vulnerability in azexo Marketing Automation by AZEXO allows Upload a Web Shell to a Web Server.This issue affects Marketing Automation by AZEXO: from n/a through 1.27.80. | 2024-10-29 | 9.9 | CVE-2024-50480 | [email protected] |
buynowdepot — advanced_online_ordering_and_delivery_platform |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in BuyNowDepot Advanced Online Ordering and Delivery Platform allows PHP Local File Inclusion.This issue affects Advanced Online Ordering and Delivery Platform: from n/a through 2.0.0. | 2024-10-28 | 9.8 | CVE-2024-50497 | [email protected] |
Carl Alberto–Simple Custom Admin |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Carl Alberto Simple Custom Admin allows Reflected XSS.This issue affects Simple Custom Admin: from n/a through 1.2. | 2024-10-29 | 7.1 | CVE-2024-49647 | [email protected] |
CHANGING Information Technology–IDExpert |
IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. | 2024-11-01 | 7.2 | CVE-2024-10653 | [email protected] [email protected] |
Chetan Khandla–Woocommerce Product Design |
Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Product Design: from n/a through 1.0.0. | 2024-10-29 | 10 | CVE-2024-50482 | [email protected] |
Chetan Khandla–Woocommerce Product Design |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Chetan Khandla Woocommerce Product Design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through 1.0.0. | 2024-10-30 | 8.6 | CVE-2024-50509 | [email protected] |
Chetan Khandla–Woocommerce Product Design |
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Chetan Khandla Woocommerce Product Design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through 1.0.0. | 2024-10-30 | 7.5 | CVE-2024-50508 | [email protected] |
code-projects–Courier Management System |
A vulnerability was found in code-projects Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /track-result.php. The manipulation of the argument Consignment leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-01 | 7.3 | CVE-2024-10607 | [email protected] [email protected] [email protected] [email protected] [email protected] |
code-projects–Courier Management System |
A vulnerability was found in code-projects Courier Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-01 | 7.3 | CVE-2024-10608 | [email protected] [email protected] [email protected] [email protected] [email protected] |
code-projects–E-Health Care System |
A vulnerability, which was classified as critical, has been found in code-projects E-Health Care System 1.0. Affected by this issue is some unknown functionality of the file /Admin/adminlogin.php. The manipulation of the argument email/admin_pswd as part of String leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter “email” to be affected. But it must be assumed that parameter “admin_pswd” is affected as well. | 2024-11-03 | 7.3 | CVE-2024-10739 | [email protected] [email protected] [email protected] [email protected] [email protected] |
code-projects–E-Health Care System |
A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file /Users/registration.php. The manipulation of the argument f_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-11-03 | 7.3 | CVE-2024-10741 | [email protected] [email protected] [email protected] [email protected] [email protected] |
code-projects–Restaurant Order System |
A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-03 | 7.3 | CVE-2024-10733 | [email protected] [email protected] [email protected] [email protected] [email protected] |
code-projects–Simple Car Rental System |
A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-02 | 7.3 | CVE-2024-10702 | [email protected] [email protected] [email protected] [email protected] [email protected] |
code-projects–Wazifa System |
A vulnerability was found in code-projects Wazifa System 1.0. It has been classified as critical. This affects an unknown part of the file /controllers/logincontrol.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-02 | 7.3 | CVE-2024-10699 | [email protected] [email protected] [email protected] [email protected] [email protected] |
codezips — hospital_appointment_system |
A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-28 | 9.8 | CVE-2024-10449 | [email protected] [email protected] [email protected] [email protected] |
codezips — online_institute_management_system |
A vulnerability, which was classified as critical, has been found in Codezips Online Institute Management System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-30 | 9.8 | CVE-2024-10509 | [email protected] [email protected] [email protected] [email protected] |
codezips — pet_shop_management_system |
A vulnerability, which was classified as critical, was found in Codezips Pet Shop Management System 1.0. Affected is an unknown function of the file birdsadd.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-31 | 9.8 | CVE-2024-10556 | [email protected] [email protected] [email protected] [email protected] |
codezips — pet_shop_management_system |
A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file birdsupdate.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-10-31 | 9.8 | CVE-2024-10561 | [email protected] [email protected] [email protected] [email protected] |
Codezips–Free Exam Hall Seating Management System |
A vulnerability classified as critical was found in Codezips Free Exam Hall Seating Management System 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-10-30 | 7.3 | CVE-2024-10507 | [email protected] [email protected] [email protected] [email protected] |
Codezips–Free Exam Hall Seating Management System |
A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-03 | 7.3 | CVE-2024-10736 | [email protected] [email protected] [email protected] [email protected] |
Codezips–Free Exam Hall Seating Management System |
A vulnerability classified as critical has been found in Codezips Free Exam Hall Seating Management System 1.0. Affected is an unknown function of the file /teacher.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-03 | 7.3 | CVE-2024-10737 | [email protected] [email protected] [email protected] [email protected] |
CozyThemes–Cozy Blocks |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in CozyThemes Cozy Blocks allows Stored XSS.This issue affects Cozy Blocks: from n/a through 2.0.15. | 2024-10-28 | 7.4 | CVE-2024-50441 | [email protected] |
cure53–DOMPurify |
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2. | 2024-10-31 | 9.1 | CVE-2024-48910 | [email protected] [email protected] |
D3TN–D3TN |
Reachable Assertion in BPv7 parser in µD3TN v0.14.0 allows attacker to disrupt service via malformed Extension Block | 2024-10-28 | 7.5 | CVE-2024-10455 | [email protected] |
Daniel Schmitzer–DS.DownloadList |
Deserialization of Untrusted Data vulnerability in Daniel Schmitzer DS.DownloadList allows Object Injection.This issue affects DS.DownloadList: from n/a through 1.3. | 2024-10-30 | 9.8 | CVE-2024-50507 | [email protected] |
David DONISA–WP donimedia carousel |
Unrestricted Upload of File with Dangerous Type vulnerability in David DONISA WP donimedia carousel allows Upload a Web Shell to a Web Server.This issue affects WP donimedia carousel: from n/a through 1.0.1. | 2024-10-30 | 9.9 | CVE-2024-50511 | [email protected] |
Delta Electronics–InfraSuite Device Master |
Delta Electronics InfraSuite Device Master versions prior to 1.0.12 are affected by a deserialization vulnerability that targets the Device-Gateway, which could allow deserialization of arbitrary .NET objects prior to authentication. | 2024-10-30 | 9.8 | CVE-2024-10456 | [email protected] |
Deryck Oate–User Toolkit |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Deryck Oñate User Toolkit allows Authentication Bypass.This issue affects User Toolkit: from n/a through 1.2.3. | 2024-10-30 | 9.8 | CVE-2024-50503 | [email protected] |
Devsoft Baltic O–SurveyJS: Drag & Drop WordPress Form Builder |
Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder.This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136. | 2024-10-29 | 9.9 | CVE-2024-50427 | [email protected] |
Eclipse Foundation–mosquitto |
In Eclipse Mosquitto, from version 1.3.2 through 2.0.18, if a malicious broker sends a crafted SUBACK packet with no reason codes, a client using libmosquitto may make out of bounds memory access when acting in its on_subscribe callback. This affects the mosquitto_sub and mosquitto_rr clients. | 2024-10-30 | 9.1 | CVE-2024-10525 | [email protected] [email protected] [email protected] |
Eclipse Foundation–mosquitto |
In Eclipse Mosquito, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is configured to create an outgoing bridge connection, and that bridge connection has an incoming topic configured that makes use of topic remapping, then if the remote connection sends a crafted PUBLISH packet to the broker a double free will occur with a subsequent crash of the broker. | 2024-10-30 | 7.5 | CVE-2024-3935 | [email protected] [email protected] [email protected] |
esafenet — cdg |
A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delFile/delDifferCourseList of the file /com/esafenet/servlet/ajax/PublicDocInfoAjax.java. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-10-31 | 9.8 | CVE-2024-10595 | [email protected] [email protected] [email protected] [email protected] |
gaizhenbiao — chuanhuchatgpt |
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior or security settings. Additionally, tampering with these configuration files can result in a denial of service (DoS) condition, disrupting normal system operation. | 2024-10-29 | 9.1 | CVE-2024-5823 | [email protected] [email protected] |
gaizhenbiao — chuanhuchatgpt |
An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except for the first line, every other line must contain commas. This vulnerability allows reading parts of format-compliant files, including code and log files, which may contain highly sensitive information such as account credentials. | 2024-10-29 | 7.5 | CVE-2024-7962 | [email protected] [email protected] |
gaizhenbiao–gaizhenbiao/chuanhuchatgpt |
A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/base_model.py allows arbitrary file uploads, potentially leading to remote code execution (RCE). The get_history_names function in utils.py permits arbitrary directory creation. Additionally, the load_template function in utils.py can be exploited to leak the first column of CSV files. These issues stem from improper sanitization of user inputs concatenated with directory paths using os.path.join. | 2024-10-29 | 9.1 | CVE-2024-5982 | [email protected] [email protected] |
Geek Code Lab–Login As Users |
Missing Authorization vulnerability in Geek Code Lab Login As Users allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Login As Users: from n/a through 1.4.3. | 2024-11-01 | 8.8 | CVE-2024-43982 | [email protected] |
Gifford Cheung, Brian Watanabe, Chongsun Ahn–Google Docs RSVP |
Cross-Site Request Forgery (CSRF) vulnerability in Gifford Cheung, Brian Watanabe, Chongsun Ahn Google Docs RSVP allows Stored XSS. This issue affects Google Docs RSVP: from n/a through 2.0.1. | 2024-10-29 | 7.1 | CVE-2024-49672 | [email protected] |
Google–Chrome |
Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical) | 2024-10-29 | 8.8 | CVE-2024-10487 | [email protected] [email protected] |
Google–Chrome |
Use after free in WebRTC in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-10-29 | 8.8 | CVE-2024-10488 | [email protected] [email protected] |
GRÜN Software Group GmbH–GRÜN spendino Spendenformular |
Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular allows Privilege Escalation. This issue affects GRÜN spendino Spendenformular: from n/a through 1.0.1. | 2024-10-29 | 9.8 | CVE-2024-50476 | [email protected] |
gwin–WPAdverts Classifieds Plugin |
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-10-30 | 7.2 | CVE-2024-10108 | [email protected] [email protected] [email protected] |
HashiCorp–Consul |
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules. | 2024-10-30 | 8.1 | CVE-2024-10005 | [email protected] |
HashiCorp–Consul |
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules. | 2024-10-30 | 8.3 | CVE-2024-10006 | [email protected] |
HashiCorp–Vault |
Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint. An attacker may send a large volume of requests to the endpoint which may cause Vault to consume excessive system memory resources, potentially leading to a crash of the underlying system and the Vault process itself. This vulnerability, CVE-2024-8185, is fixed in Vault Community 1.18.1 and Vault Enterprise 1.18.1, 1.17.8, and 1.16.12. | 2024-10-31 | 7.5 | CVE-2024-8185 | [email protected] |
Hercules Design–Hercules Core |
Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hercules Core: from n/a through 6.5. | 2024-11-01 | 8.8 | CVE-2024-37232 | [email protected] |
hitachienergy — tro610_firmware |
Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. | 2024-10-29 | 7.2 | CVE-2024-41153 | [email protected] |
HP, Inc.–HP Smart Universal Printing Driver |
Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Printing Driver that sends a print job comprised of a malicious XPS file could potentially lead to Remote Code Execution and/or Elevation of Privilege on the PC. | 2024-10-30 | 7.8 | CVE-2024-9419 | [email protected] |
IBM–Flexible Service Processor |
IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges to the FSP. | 2024-10-29 | 9.8 | CVE-2024-45656 | [email protected] |
ioannup–Code Generate |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in ioannup Code Generate allows Reflected XSS. This issue affects Code Generate: from n/a through 1.0. | 2024-10-29 | 7.1 | CVE-2024-49646 | [email protected] |
jetbrains — youtrack |
In JetBrains YouTrack before 2024.3.47707, a potential ReDoS exploit was possible via email header parsing in the Helpdesk functionality. | 2024-10-28 | 7.5 | CVE-2024-50574 | [email protected] |
Jinwen–js paper |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Jinwen js allows Reflected XSS. This issue affects js paper: from n/a through 2.5.7. | 2024-10-29 | 7.1 | CVE-2024-49678 | [email protected] |
Kiboko Labs–Namaste! LMS |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Kiboko Labs Namaste! LMS allows Reflected XSS. This issue affects Namaste! LMS: from n/a through 2.6.2. | 2024-10-29 | 7.1 | CVE-2024-50407 | [email protected] |
kibokolabs — namaste!_lms |
Deserialization of Untrusted Data vulnerability in Kiboko Labs Namaste! LMS allows Object Injection. This issue affects Namaste! LMS: from n/a through 2.6.3. | 2024-10-28 | 8.8 | CVE-2024-50408 | [email protected] |
langchain — langchain |
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database. | 2024-10-29 | 9.8 | CVE-2024-7042 | [email protected] [email protected] |
langchain — langchain |
A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input. | 2024-10-29 | 9.1 | CVE-2024-7774 | [email protected] [email protected] |
langchain — langchain |
A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database. | 2024-10-29 | 9.8 | CVE-2024-8309 | [email protected] [email protected] |
LevelOne–WBR-6012 |
The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof an IP address to gain unauthorized access without needing a session token. | 2024-10-30 | 9 | CVE-2024-23309 | [email protected] |
LevelOne–WBR-6012 |
The LevelOne WBR-6012 router’s web application has a vulnerability in its firmware version R0.40e6, allowing attackers to change the administrator password and gain higher privileges without the current password. | 2024-10-30 | 9.9 | CVE-2024-33699 | [email protected] |
LevelOne–WBR-6012 |
A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability. | 2024-10-30 | 8.8 | CVE-2024-24777 | [email protected] |
LevelOne–WBR-6012 |
A security flaw involving hard-coded credentials in LevelOne WBR-6012’s web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation. The backdoor string can be found at address 0x80100910: `80100910 40 6d 21 74 32 4b 31 00 ds "@m!t2K1"`. It is referenced by the function located at 0x800b78b0 and is used as shown in the pseudocode below: `if ((SECOND_FROM_BOOT_TIME < 300) && (is_equal = strcmp(password,"@m!t2K1"))) { return 1;}` Where 1 is the return value to admin-level access (0 being fail and 3 being user). | 2024-10-30 | 8.1 | CVE-2024-28875 | [email protected] |
LevelOne–WBR-6012 |
A security flaw involving hard-coded credentials in LevelOne WBR-6012’s web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation. The password string can be found at addresses 0x803cdd0f and 0x803da3e6: `803cdd0f 41 72 69 65 73 53 65 72 65 6e 61 43 … ds "AriesSerenaCairryNativitaMegan"`. It is referenced by the function at 0x800b78b0 and simplified in the pseudocode below: `if (is_equal = strcmp(password,"AriesSerenaCairryNativitaMegan")) { ret = 3;}` Where 3 is the return value to user-level access (0 being fail and 1 being admin/backdoor). While there’s no legitimate functionality to change this password, once authenticated it is possible to manually make a change by taking advantage of TALOS-2024-XXXXX using HTTP POST parameter “Pu” (new user password) in place of “Pa” (new admin password). | 2024-10-30 | 8.1 | CVE-2024-31151 | [email protected] |
LevelOne–WBR-6012 |
The LevelOne WBR-6012 router firmware R0.40e6 suffers from an input validation vulnerability within its FTP functionality, enabling attackers to cause a denial of service through a series of malformed FTP commands. This can lead to device reboots and service disruption. | 2024-10-30 | 7.5 | CVE-2024-33700 | [email protected] |
linux — linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring buffer to avoid non-atomic context problem. Sometimes user-space strings, arrays can be very large, but the size of percpu buffer is only page size. And store_trace_args() won’t check whether these data exceeds a single page or not, caused out-of-bounds memory access. It could be reproduced by following steps: 1. build kernel with CONFIG_KASAN enabled 2. save follow program as test.c ``` #include <stdio.h> #include <stdlib.h> #include <string.h> // If string length large than MAX_STRING_SIZE, the fetch_store_strlen() // will return 0, cause __get_data_size() return shorter size, and // store_trace_args() will not trigger out-of-bounds access. // So make string length less than 4096. #define STRLEN 4093 void generate_string(char *str, int n) { int i; for (i = 0; i < n; ++i) { char c = i % 26 + 'a'; str[i] = c; } str[n-1] = '