Total
266704 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-43456 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-21 | N/A | 7.4 HIGH |
Windows Remote Desktop Services Tampering Vulnerability | |||||
CVE-2024-43504 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2024-10-21 | N/A | 7.8 HIGH |
Microsoft Excel Remote Code Execution Vulnerability | |||||
CVE-2024-47793 | 1 Exceedone | 1 Exment | 2024-10-21 | N/A | 5.4 MEDIUM |
Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user. | |||||
CVE-2019-25154 | 1 Google | 1 Chrome | 2024-10-21 | N/A | 9.6 CRITICAL |
Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2024-47224 | 2024-10-21 | N/A | N/A | ||
A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack. | |||||
CVE-2024-41712 | 2024-10-21 | N/A | N/A | ||
A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user. | |||||
CVE-2024-40091 | 2024-10-21 | N/A | N/A | ||
Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system. | |||||
CVE-2024-40090 | 2024-10-21 | N/A | N/A | ||
Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Information Disclosure. An information leak in the Boa webserver allows remote, unauthenticated attackers to leak memory addresses of uClibc and the stack via sending a GET request to the index page. | |||||
CVE-2024-40089 | 2024-10-21 | N/A | N/A | ||
A Command Injection vulnerability in Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, authenticated attackers to execute arbitrary code by injecting shell commands into the name of the Vilo device. | |||||
CVE-2024-40087 | 2024-10-21 | N/A | N/A | ||
Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router. | |||||
CVE-2024-40086 | 2024-10-21 | N/A | N/A | ||
A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length. | |||||
CVE-2024-40085 | 2024-10-21 | N/A | N/A | ||
A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in length. | |||||
CVE-2024-40084 | 2024-10-21 | N/A | N/A | ||
A Buffer Overflow in the Boa webserver of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via exceptionally long HTTP methods or paths. | |||||
CVE-2024-40083 | 2024-10-21 | N/A | N/A | ||
A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length buffer. | |||||
CVE-2024-35315 | 2024-10-21 | N/A | N/A | ||
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges. | |||||
CVE-2024-30160 | 2024-10-21 | N/A | N/A | ||
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
CVE-2024-30159 | 2024-10-21 | N/A | N/A | ||
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
CVE-2024-30157 | 2024-10-21 | N/A | N/A | ||
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations. | |||||
CVE-2024-43488 | 1 Microsoft | 1 Visual Studio Code | 2024-10-21 | N/A | 9.8 CRITICAL |
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. | |||||
CVE-2024-10099 | 1 Comfy | 1 Comfyui | 2024-10-21 | N/A | 6.1 MEDIUM |
A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is viewed through the `/view` API endpoint, leading to potential execution of arbitrary JavaScript code. |