Total
263098 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-43463 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-09-17 | N/A | 7.8 HIGH |
Microsoft Office Visio Remote Code Execution Vulnerability | |||||
CVE-2024-43467 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-09-17 | N/A | 7.5 HIGH |
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | |||||
CVE-2024-43469 | 1 Microsoft | 1 Azure Cyclecloud | 2024-09-17 | N/A | 8.8 HIGH |
Azure CycleCloud Remote Code Execution Vulnerability | |||||
CVE-2024-6921 | 1 Nac | 1 Nacpremium | 2024-09-17 | N/A | 7.5 HIGH |
Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Retrieve Embedded Sensitive Data.This issue affects NACPremium: through 01082024. | |||||
CVE-2024-6920 | 1 Nac | 1 Nacpremium | 2024-09-17 | N/A | 6.1 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Stored XSS.This issue affects NACPremium: through 01082024. | |||||
CVE-2024-6919 | 1 Nac | 1 Nacpremium | 2024-09-17 | N/A | 9.8 CRITICAL |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.This issue affects NACPremium: through 01082024. | |||||
CVE-2024-38878 | 1 Siemens | 1 Omnivise T3000 Application Server | 2024-09-17 | N/A | 6.5 MEDIUM |
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system. | |||||
CVE-2024-7314 | 1 Anji-plus | 1 Report | 2024-09-17 | N/A | 9.8 CRITICAL |
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. | |||||
CVE-2024-8092 | 2024-09-17 | N/A | 5.4 MEDIUM | ||
The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
CVE-2024-8091 | 2024-09-17 | N/A | 4.8 MEDIUM | ||
The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
CVE-2024-8052 | 2024-09-17 | N/A | 4.8 MEDIUM | ||
The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
CVE-2024-8051 | 2024-09-17 | N/A | 5.7 MEDIUM | ||
The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
CVE-2024-8047 | 2024-09-17 | N/A | 5.7 MEDIUM | ||
The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
CVE-2024-8044 | 2024-09-17 | N/A | 5.7 MEDIUM | ||
The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |||||
CVE-2024-8043 | 2024-09-17 | N/A | 5.7 MEDIUM | ||
The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |||||
CVE-2024-5170 | 2024-09-17 | N/A | 5.7 MEDIUM | ||
The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
CVE-2024-46943 | 2024-09-17 | N/A | 9.1 CRITICAL | ||
An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information. | |||||
CVE-2024-46942 | 2024-09-17 | N/A | 9.1 CRITICAL | ||
In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment. | |||||
CVE-2024-46938 | 2024-09-17 | N/A | 7.5 HIGH | ||
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files. | |||||
CVE-2024-44160 | 2024-09-17 | N/A | 7.8 HIGH | ||
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination. |