Total: 266888 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-23816 | 1 Siemens | 1 Location Intelligence | 2024-10-22 | N/A | 9.8 CRITICAL |
A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application. | |||||
CVE-2024-38129 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2024-10-22 | N/A | 6.6 MEDIUM |
Windows Kerberos Elevation of Privilege Vulnerability | |||||
CVE-2023-6815 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2024-10-22 | N/A | 6.5 MEDIUM |
Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet. | |||||
CVE-2024-38149 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-22 | N/A | 7.5 HIGH |
BranchCache Denial of Service Vulnerability | |||||
CVE-2024-38262 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-22 | N/A | 7.5 HIGH |
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | |||||
CVE-2024-38179 | 1 Microsoft | 1 Azure Stack Hci | 2024-10-22 | N/A | 8.8 HIGH |
Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | |||||
CVE-2024-10162 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-21 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-subadmin.php of the component Edit Subdomain Details Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "mobilenumber" to be affected. But it must be assumed that other parameters are affected as well. | |||||
CVE-2024-10161 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-21 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-10165 | 1 Codezips | 1 Sales Management System | 2024-10-21 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in Codezips Sales Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file deletecustcom.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2023-35991 | 1 Elecom | 14 Lan-w300n/dr, Lan-w300n/dr Firmware, Lan-w300n/p and 11 more | 2024-10-21 | N/A | 9.8 CRITICAL |
Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions. | |||||
CVE-2024-10166 | 1 Codezips | 1 Sales Management System | 2024-10-21 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in Codezips Sales Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file checkuser.php. The manipulation of the argument name leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-10167 | 1 Codezips | 1 Sales Management System | 2024-10-21 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability classified as critical has been found in Codezips Sales Management System 1.0. This affects an unknown part of the file deletecustind.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-10170 | 1 Fabianros | 1 Hospital Management System | 2024-10-21 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. This issue affects some unknown processing of the file get_doctor.php. The manipulation of the argument specilizationid leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-10171 | 1 Code-projects | 1 Blood Bank System | 2024-10-21 | 5.8 MEDIUM | 4.9 MEDIUM |
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-43456 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-21 | N/A | 7.4 HIGH |
Windows Remote Desktop Services Tampering Vulnerability | |||||
CVE-2024-43504 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2024-10-21 | N/A | 7.8 HIGH |
Microsoft Excel Remote Code Execution Vulnerability | |||||
CVE-2024-47793 | 1 Exceedone | 1 Exment | 2024-10-21 | N/A | 5.4 MEDIUM |
Stored cross-site scripting vulnerability exists in Exment v6.1.4 and earlier and Exment v5.0.11 and earlier. When accessing the edit screen containing custom columns (column type: images or files), an arbitrary script may be executed on the web browser of the user. | |||||
CVE-2019-25154 | 1 Google | 1 Chrome | 2024-10-21 | N/A | 9.6 CRITICAL |
Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2024-43488 | 1 Microsoft | 1 Visual Studio Code | 2024-10-21 | N/A | 9.8 CRITICAL |
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. | |||||
CVE-2024-10099 | 1 Comfy | 1 Comfyui | 2024-10-21 | N/A | 6.1 MEDIUM |
A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the `/api/upload/image` endpoint. The payload is executed when the file is viewed through the `/view` API endpoint, leading to potential execution of arbitrary JavaScript code. |