Total
3675 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25376 | 2024-11-21 | N/A | 7.8 HIGH | ||
| An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode. | |||||
| CVE-2024-25359 | 2024-11-21 | N/A | 6.6 MEDIUM | ||
| An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file. | |||||
| CVE-2024-25350 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters. | |||||
| CVE-2024-25301 | 1 Redaxo | 1 Redaxo | 2024-11-21 | N/A | 7.2 HIGH |
| Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php. | |||||
| CVE-2024-25298 | 1 Redaxo | 1 Redaxo | 2024-11-21 | N/A | 7.2 HIGH |
| An issue was discovered in REDAXO version 5.15.1, allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php. | |||||
| CVE-2024-25293 | 2024-11-21 | N/A | 9.3 CRITICAL | ||
| mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute. | |||||
| CVE-2024-25291 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin. | |||||
| CVE-2024-25202 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar. | |||||
| CVE-2024-25180 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake applicaton). Anyone installing this is responsible for ensuring that it is only available to authorized testers. | |||||
| CVE-2024-25096 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7. | |||||
| CVE-2024-25089 | 1 Malwarebytes | 1 Binisoft Windows Firewall Control | 2024-11-21 | N/A | 9.8 CRITICAL |
| Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes. | |||||
| CVE-2024-25086 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2024-11-21 | N/A | 7.8 HIGH |
| Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code. | |||||
| CVE-2024-25077 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its value to be modified without invalidating the signature used for secureboot image verification. Because the encryption engine for on-the-fly decryption uses AES in CTR mode without authentication, an attacker-modified Nonce can result in execution of arbitrary code. | |||||
| CVE-2024-24707 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
| Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection.This issue affects Cwicly: from n/a through 1.4.0.2. | |||||
| CVE-2024-24525 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL. | |||||
| CVE-2024-24520 | 2024-11-21 | N/A | 7.8 HIGH | ||
| An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place. | |||||
| CVE-2024-24469 | 1 Flusity | 1 Flusity | 2024-11-21 | N/A | 8.8 HIGH |
| Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php. | |||||
| CVE-2024-24396 | 1 Stimulsoft | 1 Dashboard.js | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component. | |||||
| CVE-2024-24294 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js. | |||||
| CVE-2024-24278 | 2024-11-21 | N/A | 7.5 HIGH | ||
| An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function. | |||||