Vulnerabilities (CVE)

Total 263098 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-43463 1 Microsoft 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more 2024-09-17 N/A 7.8 HIGH
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2024-43467 1 Microsoft 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more 2024-09-17 N/A 7.5 HIGH
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-43469 1 Microsoft 1 Azure Cyclecloud 2024-09-17 N/A 8.8 HIGH
Azure CycleCloud Remote Code Execution Vulnerability
CVE-2024-6921 1 Nac 1 Nacpremium 2024-09-17 N/A 7.5 HIGH
Cleartext Storage of Sensitive Information vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Retrieve Embedded Sensitive Data.This issue affects NACPremium: through 01082024.
CVE-2024-6920 1 Nac 1 Nacpremium 2024-09-17 N/A 6.1 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Stored XSS.This issue affects NACPremium: through 01082024.
CVE-2024-6919 1 Nac 1 Nacpremium 2024-09-17 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NAC Telecommunication Systems Inc. NACPremium allows Blind SQL Injection.This issue affects NACPremium: through 01082024.
CVE-2024-38878 1 Siemens 1 Omnivise T3000 Application Server 2024-09-17 N/A 6.5 MEDIUM
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.
CVE-2024-7314 1 Anji-plus 1 Report 2024-09-17 N/A 9.8 CRITICAL
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server.
CVE-2024-8092 2024-09-17 N/A 5.4 MEDIUM
The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-8091 2024-09-17 N/A 4.8 MEDIUM
The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-8052 2024-09-17 N/A 4.8 MEDIUM
The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-8051 2024-09-17 N/A 5.7 MEDIUM
The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-8047 2024-09-17 N/A 5.7 MEDIUM
The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-8044 2024-09-17 N/A 5.7 MEDIUM
The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-8043 2024-09-17 N/A 5.7 MEDIUM
The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-5170 2024-09-17 N/A 5.7 MEDIUM
The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-46943 2024-09-17 N/A 9.1 CRITICAL
An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information.
CVE-2024-46942 2024-09-17 N/A 9.1 CRITICAL
In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment.
CVE-2024-46938 2024-09-17 N/A 7.5 HIGH
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files.
CVE-2024-44160 2024-09-17 N/A 7.8 HIGH
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to unexpected app termination.