CVE-2024-48624 |
In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be explo... |
|
2024-10-15 |
CVE-2024-45275 |
The devices contain two hardcoded user accounts with hardcoded passwords that allow an unauthentica... |
|
2024-10-15 |
CVE-2024-21252 |
Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item Catalog)... |
HIGH |
2024-10-15 |
CVE-2024-48623 |
In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET reque... |
|
2024-10-15 |
CVE-2024-0129 |
NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal... |
|
2024-10-15 |
CVE-2024-45274 |
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing auth... |
CRITICAL |
2024-10-15 |
CVE-2024-21251 |
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affec... |
LOW |
2024-10-15 |
CVE-2024-48622 |
A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject Java... |
|
2024-10-15 |
CVE-2024-45273 |
An unauthenticated local attacker can decrypt the device's config file and therefore compromise the d... |
HIGH |
2024-10-15 |
CVE-2024-21250 |
Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business S... |
HIGH |
2024-10-15 |
CVE-2024-47876 |
Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.... |
|
2024-10-15 |
CVE-2024-45272 |
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote... |
HIGH |
2024-10-15 |
CVE-2024-21249 |
Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Exp... |
MEDIUM |
2024-10-15 |
CVE-2024-47874 |
Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.4... |
|
2024-10-15 |
CVE-2024-45271 |
An unauthenticated local attacker can gain admin privileges by deploying a config file due to improp... |
HIGH |
2024-10-15 |
CVE-2024-21248 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo... |
MEDIUM |
2024-10-15 |
CVE-2024-47824 |
matrix-react-sdk is a React-based software development kit for inserting a Matrix chat/VOIP client int... |
|
2024-10-15 |
CVE-2024-9895 |
The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting ... |
MEDIUM |
2024-10-15 |
CVE-2024-9974 |
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critica... |
CRITICAL |
2024-10-15 |
CVE-2024-21247 |
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported... |
LOW |
2024-10-15 |
CVE-2024-47779 |
Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 throug... |
|
2024-10-15 |
CVE-2024-9973 |
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as criti... |
CRITICAL |
2024-10-15 |
CVE-2024-21246 |
Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Fun... |
|
2024-10-15 |
CVE-2024-47771 |
Element Desktop is a Matrix client for desktop platforms. Element Desktop versions 1.11.70 through 1... |
|
2024-10-15 |
CVE-2024-47945 |
The devices are vulnerable to session hijacking due to insufficient entropy in its session ID gener... |
|
2024-10-15 |
CVE-2024-21244 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported... |
LOW |
2024-10-15 |
CVE-2024-47080 |
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versio... |
|
2024-10-15 |
CVE-2024-49382 |
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The... |
|
2024-10-15 |
CVE-2024-9985 |
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers... |
CRITICAL |
2024-10-15 |
CVE-2024-21243 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported... |
LOW |
2024-10-15 |
CVE-2023-31493 |
RCE (Remote Code Execution) exists in ZoneMinder through 1.36.33 as an attacker can create a new .ph... |
|
2024-10-15 |
CVE-2024-49383 |
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The ... |
|
2024-10-15 |
CVE-2024-9984 |
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowin... |
CRITICAL |
2024-10-15 |
CVE-2024-21242 |
Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are ... |
LOW |
2024-10-15 |
CVE-2024-9979 |
A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to m... |
MEDIUM |
2024-10-15 |
CVE-2024-49384 |
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The... |
|
2024-10-15 |
CVE-2024-9983 |
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing ... |
HIGH |
2024-10-15 |
CVE-2024-21241 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported... |
MEDIUM |
2024-10-15 |
CVE-2024-48948 |
The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify v... |
|
2024-10-15 |
CVE-2024-49387 |
Cleartext transmission of sensitive information in acep-collector service. The following products ar... |
|
2024-10-15 |
CVE-2024-9925 |
SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this vulne... |
|
2024-10-15 |
CVE-2024-21239 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t... |
MEDIUM |
2024-10-15 |
CVE-2024-9986 |
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as cr... |
|
2024-10-15 |
CVE-2024-49388 |
Sensitive information manipulation due to improper authorization. The following products are affecte... |
|
2024-10-15 |
CVE-2024-21238 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supp... |
MEDIUM |
2024-10-15 |
CVE-2024-9977 |
A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(... |
|
2024-10-15 |
CVE-2024-47944 |
The device directly executes .patch firmware upgrade files on a USB stick without any prior authenti... |
|
2024-10-15 |
CVE-2024-21237 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS)... |
LOW |
2024-10-15 |
CVE-2024-48283 |
Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL Injection i... |
|
2024-10-15 |