| CVE-2024-48795 |
An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 allows a remote attacker to o... |
|
2024-10-14 |
View Details |
| CVE-2024-48119 |
Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the module parameter. Authenticated users ca... |
|
2024-10-14 |
View Details |
| CVE-2024-45733 |
In Splunk Enterprise for Windows versions below 9.2.3 and 9.1.6, a low-privileged user that does not... |
HIGH |
2024-10-14 |
View Details |
| CVE-2024-48793 |
An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker to obtain sensitive informati... |
|
2024-10-14 |
View Details |
| CVE-2024-45732 |
In Splunk Enterprise versions below 9.3.1, and 9.2.0 versions below 9.2.3, and Splunk Cloud Platform... |
|
2024-10-14 |
View Details |
| CVE-2024-48792 |
An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information via t... |
|
2024-10-14 |
View Details |
| CVE-2024-48120 |
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS) in the "Opportunities" module. An at... |
|
2024-10-14 |
View Details |
| CVE-2024-45731 |
In Splunk Enterprise for Windows versions below 9.3.1, 9.2.3, and 9.1.6, a low-privileged user that ... |
|
2024-10-14 |
View Details |
| CVE-2024-48791 |
An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain... |
|
2024-10-14 |
View Details |
| CVE-2024-8184 |
There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploit... |
|
2024-10-14 |
View Details |
| CVE-2024-48790 |
An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive informati... |
|
2024-10-14 |
View Details |
| CVE-2024-6763 |
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine . It inclu... |
|
2024-10-14 |
View Details |
| CVE-2024-48789 |
An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitv... |
|
2024-10-14 |
View Details |
| CVE-2024-46988 |
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap... |
|
2024-10-14 |
View Details |
| CVE-2024-6762 |
Jetty PushSessionCacheFilter can be exploited by unauthenticated users
to launch remote DoS attacks... |
|
2024-10-14 |
View Details |
| CVE-2024-47831 |
Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches ... |
|
2024-10-14 |
View Details |
| CVE-2024-48150 |
D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function.... |
|
2024-10-14 |
View Details |
| CVE-2024-48153 |
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and ex... |
|
2024-10-14 |
View Details |
| CVE-2024-47826 |
eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions pri... |
|
2024-10-14 |
View Details |
| CVE-2024-48153 |
DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and ex... |
|
2024-10-14 |
View Details |
| CVE-2024-48150 |
D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_451208 function.... |
|
2024-10-14 |
View Details |
| CVE-2024-47767 |
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap... |
|
2024-10-14 |
View Details |
| CVE-2024-41997 |
An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A com... |
|
2024-10-14 |
View Details |
| CVE-2024-47766 |
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap... |
|
2024-10-14 |
View Details |
| CVE-2024-48168 |
A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-9... |
|
2024-10-14 |
View Details |
| CVE-2023-50780 |
Apache ActiveMQ Artemis allows access to diagnostic information and controls through MBeans, which a... |
HIGH |
2024-10-14 |
View Details |
| CVE-2024-46988 |
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap... |
MEDIUM |
2024-10-14 |
View Details |
| CVE-2024-9823 |
There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized us... |
|
2024-10-14 |
View Details |
| CVE-2024-46980 |
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap... |
MEDIUM |
2024-10-14 |
View Details |
| CVE-2024-48261 |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-48251. Reason: This candidat... |
|
2024-10-14 |
View Details |
| CVE-2024-46528 |
An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-... |
|
2024-10-14 |
View Details |
| CVE-2024-48259 |
Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or callsign.... |
|
2024-10-14 |
View Details |
| CVE-2024-41997 |
An issue was discovered in version of Warp Terminal prior to 2024.07.18 (v0.2024.07.16.08.02). A com... |
|
2024-10-14 |
View Details |
| CVE-2023-45817 |
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-9823. Reason: T... |
|
2024-10-14 |
View Details |
| CVE-2024-48257 |
Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injectioin.... |
CRITICAL |
2024-10-14 |
View Details |
| CVE-2024-48799 |
An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain s... |
|
2024-10-14 |
View Details |
| CVE-2024-48251 |
Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat, pro... |
CRITICAL |
2024-10-14 |
View Details |
| CVE-2024-48798 |
An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obt... |
|
2024-10-14 |
View Details |
| CVE-2024-48249 |
Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, ... |
|
2024-10-14 |
View Details |
| CVE-2024-48797 |
An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to... |
|
2024-10-14 |
View Details |
| CVE-2024-35518 |
Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri p... |
|
2024-10-14 |
View Details |
| CVE-2024-40616 |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... |
|
2024-10-14 |
View Details |
| CVE-2024-48796 |
An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via ... |
|
2024-10-14 |
View Details |
| CVE-2024-35519 |
Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to c... |
|
2024-10-14 |
View Details |
| CVE-2024-9936 |
When manipulating the selection node cache, an attacker may have been able to cause unexpected behav... |
|
2024-10-14 |
View Details |
| CVE-2024-48168 |
A stack overflow vulnerability exists in the sub_402280 function of the HNAP service of D-Link DCS-9... |
|
2024-10-14 |
View Details |
| CVE-2024-48249 |
Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injection via band, sat, propagation, ... |
|
2024-10-14 |
View Details |
| CVE-2024-8602 |
When the XML is read from the codes in the PDF and parsed using a DocumentBuilder, the default setti... |
|
2024-10-14 |
View Details |
| CVE-2024-46535 |
Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at ... |
|
2024-10-14 |
View Details |
| CVE-2024-35520 |
Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 param... |
|
2024-10-14 |
View Details |