Total
266766 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10167 | 1 Codezips | 1 Sales Management System | 2024-10-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Codezips Sales Management System 1.0. This affects an unknown part of the file deletecustind.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10170 | 1 Fabianros | 1 Hospital Management System | 2024-10-21 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. This issue affects some unknown processing of the file get_doctor.php. The manipulation of the argument specilizationid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-10171 | 1 Code-projects | 1 Blood Bank System | 2024-10-21 | 5.8 MEDIUM | 4.9 MEDIUM |
| A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-43456 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-21 | N/A | 7.4 HIGH |
| Windows Remote Desktop Services Tampering Vulnerability | |||||
| CVE-2024-43504 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2024-10-21 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2024-47793 | 1 Exceedone | 1 Exment | 2024-10-21 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user. | |||||
| CVE-2019-25154 | 1 Google | 1 Chrome | 2024-10-21 | N/A | 9.6 CRITICAL |
| Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-47224 | 2024-10-21 | N/A | N/A | ||
| A vulnerability in the AWV (Audio, Web and Video Conferencing) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. A successful exploit could allow an attacker to perform a phishing attack. | |||||
| CVE-2024-41712 | 2024-10-21 | N/A | N/A | ||
| A vulnerability in the Web Conferencing Component of Mitel MiCollab through 9.8.1.5 could allow an authenticated attacker to conduct a command injection attack, due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary commands on the system within the context of the user. | |||||
| CVE-2024-35315 | 2024-10-21 | N/A | N/A | ||
| A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges. | |||||
| CVE-2024-30160 | 2024-10-21 | N/A | N/A | ||
| A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
| CVE-2024-30159 | 2024-10-21 | N/A | N/A | ||
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts. | |||||
| CVE-2024-30157 | 2024-10-21 | N/A | N/A | ||
| A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary database and management operations. | |||||
| CVE-2024-43488 | 1 Microsoft | 1 Visual Studio Code | 2024-10-21 | N/A | 9.8 CRITICAL |
| Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. | |||||
| CVE-2024-10099 | 1 Comfy | 1 Comfyui | 2024-10-21 | N/A | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is viewed through the `/view` API endpoint, leading to potential execution of arbitrary JavaScript code. | |||||
| CVE-2023-4408 | 3 Fedoraproject, Isc, Netapp | 3 Fedora, Bind, Ontap | 2024-10-21 | N/A | 7.5 HIGH |
| The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1. | |||||
| CVE-2024-43615 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2024-10-21 | N/A | 7.1 HIGH |
| Microsoft OpenSSH for Windows Remote Code Execution Vulnerability | |||||
| CVE-2024-10057 | 1 Fahadmahmood | 1 Rss Feed Widget | 2024-10-21 | N/A | 5.4 MEDIUM |
| The RSS Feed Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rfw-youtube-videos shortcode in all versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-43614 | 1 Microsoft | 1 Defender For Endpoint | 2024-10-21 | N/A | 5.5 MEDIUM |
| Microsoft Defender for Endpoint for Linux Spoofing Vulnerability | |||||
| CVE-2024-43612 | 1 Microsoft | 1 Power Bi Report Server | 2024-10-21 | N/A | 4.7 MEDIUM |
| Power BI Report Server Spoofing Vulnerability | |||||