ID | CVSS | Summary | Last (major) update | Published | |
CVE-2023-35743 | None |
D-Link DAP-2622 DDP Configuration Restore Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 route
|
09-05-2024 - 23:15 | 03-05-2024 - 02:15 | |
CVE-2023-38097 | None |
NETGEAR ProSAFE Network Management System BkreProcessThread Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Mana
|
09-05-2024 - 23:15 | 03-05-2024 - 02:15 | |
CVE-2023-51606 | None |
Kofax Power PDF U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this v
|
09-05-2024 - 23:15 | 03-05-2024 - 03:16 | |
CVE-2023-39472 | None |
Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition
|
09-05-2024 - 23:15 | 03-05-2024 - 03:15 | |
CVE-2024-3154 | None |
A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.
|
09-05-2024 - 22:15 | 26-04-2024 - 04:15 | |
CVE-2024-1753 | None |
A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem
|
09-05-2024 - 22:15 | 18-03-2024 - 15:15 | |
CVE-2023-27532 | None |
Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.
|
09-05-2024 - 18:37 | 10-03-2023 - 22:15 | |
CVE-2022-26500 | 6.5 |
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users to access internal API functions, which allows attackers to upload and execute arbitrary code.
|
09-05-2024 - 18:37 | 17-03-2022 - 21:15 | |
CVE-2022-26501 | 10.0 |
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
|
09-05-2024 - 18:37 | 17-03-2022 - 21:15 | |
CVE-2022-26504 | 9.0 |
Improper authentication in the Veeam Backup & Replication 9.5U3, 9.5U4, 10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers to execute arbitrary code via Veeam.Backup.PSManager.exe.
|
09-05-2024 - 18:37 | 17-03-2022 - 21:15 | |
CVE-2015-5742 | 2.1 |
VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files.
|
09-05-2024 - 18:37 | 16-10-2015 - 20:59 | |
CVE-2024-2700 | None |
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build; therefore, running the resulting application inherits the values captured at build time.
|
09-05-2024 - 16:15 | 04-04-2024 - 14:15 | |
CVE-2024-23817 | None |
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has an HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to in
|
09-05-2024 - 15:23 | 25-01-2024 - 20:15 | |
CVE-2024-34383 | None |
Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress SEOPress. This issue affects SEOPress: from n/a through 7.7.1.
|
09-05-2024 - 14:15 | 06-05-2024 - 18:15 | |
CVE-2024-25528 | None |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.
|
09-05-2024 - 13:05 | 08-05-2024 - 17:15 | |
CVE-2024-25532 | None |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx.
|
09-05-2024 - 13:05 | 08-05-2024 - 17:15 | |
CVE-2024-25533 | None |
Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL s
|
09-05-2024 - 13:05 | 08-05-2024 - 17:15 | |
CVE-2024-33382 | None |
An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via 64 unsuccessful UE/gNB registrations.
|
09-05-2024 - 13:05 | 08-05-2024 - 17:15 | |
CVE-2024-34244 | None |
libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other uni
|
09-05-2024 - 13:05 | 08-05-2024 - 17:15 | |
CVE-2024-34257 | None |
TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.
|
09-05-2024 - 13:05 | 08-05-2024 - 17:15 | |
CVE-2024-3507 | None |
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensit
|
09-05-2024 - 09:15 | 08-05-2024 - 11:15 | |
CVE-2023-50364 | None |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the v
|
09-05-2024 - 01:15 | 26-04-2024 - 15:15 | |
CVE-2024-26579 | None |
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.11.0; the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pi
|
08-05-2024 - 22:15 | 08-05-2024 - 15:15 | |
CVE-2024-3661 | None |
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local
|
08-05-2024 - 22:15 | 06-05-2024 - 19:15 | |
CVE-2023-40533 | None |
Rejected reason: This CVE ID is a duplicate of CVE-2022-40468
|
08-05-2024 - 22:15 | 01-05-2024 - 16:15 | |
CVE-2024-1459 | None |
A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files
|
08-05-2024 - 17:15 | 12-02-2024 - 21:15 | |
CVE-2024-22460 | None |
Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable applica
|
08-05-2024 - 17:05 | 08-05-2024 - 16:15 | |
CVE-2024-24787 | None |
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
|
08-05-2024 - 17:05 | 08-05-2024 - 16:15 | |
CVE-2024-24788 | None |
A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
|
08-05-2024 - 17:05 | 08-05-2024 - 16:15 | |
CVE-2024-24908 | None |
Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to delete arbitrary files stored on the se
|
08-05-2024 - 17:05 | 08-05-2024 - 16:15 | |
CVE-2024-25527 | None |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.
|
08-05-2024 - 17:05 | 08-05-2024 - 16:15 | |
CVE-2024-25529 | None |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx.
|
08-05-2024 - 17:05 | 08-05-2024 - 16:15 | |
CVE-2024-25530 | None |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx.
|
08-05-2024 - 17:05 | 08-05-2024 - 16:15 | |
CVE-2024-25531 | None |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx.
|
08-05-2024 - 17:05 | 08-05-2024 - 16:15 | |
CVE-2024-28971 | None |
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user cred
|
08-05-2024 - 17:05 | 08-05-2024 - 16:15 | |
CVE-2024-31961 | None |
A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter.
|
08-05-2024 - 17:05 | 08-05-2024 - 16:15 | |
CVE-2024-30459 | None |
Missing Authorization vulnerability in AIpost AI WP Writer. This issue affects AI WP Writer: from n/a through 3.6.5.
|
08-05-2024 - 17:05 | 08-05-2024 - 14:15 | |
CVE-2024-33574 | None |
Missing Authorization vulnerability in appsbd Vitepos. This issue affects Vitepos: from n/a through 3.0.1.
|
08-05-2024 - 17:05 | 08-05-2024 - 14:15 | |
CVE-2024-4650 | None |
A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to c
|
08-05-2024 - 17:05 | 08-05-2024 - 14:15 | |
CVE-2024-4652 | None |
A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross s
|
08-05-2024 - 17:05 | 08-05-2024 - 14:15 | |
CVE-2024-25517 | None |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the tbTable argument at /WebUtility/MF.aspx.
|
08-05-2024 - 17:05 | 08-05-2024 - 15:15 | |
CVE-2024-25518 | None |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the template_id parameter at /WorkFlow/wf_get_fields_approve.aspx.
|
08-05-2024 - 17:05 | 08-05-2024 - 15:15 | |
CVE-2024-25520 | None |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /SysManage/sys_blogtemplate_new.aspx.
|
08-05-2024 - 17:05 | 08-05-2024 - 15:15 | |
CVE-2024-25521 | None |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the txt_keyword parameter at get_company.aspx.
|
08-05-2024 - 17:05 | 08-05-2024 - 15:15 | |
CVE-2024-25522 | None |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the office_missive_id parameter at /WorkFlow/wf_work_form_save.aspx.
|
08-05-2024 - 17:05 | 08-05-2024 - 15:15 | |
CVE-2024-25523 | None |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /filemanage/file_memo.aspx.
|
08-05-2024 - 17:05 | 08-05-2024 - 15:15 | |
CVE-2024-25524 | None |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkPlan/WorkPlanAttachDownLoad.aspx.
|
08-05-2024 - 17:05 | 08-05-2024 - 15:15 | |
CVE-2024-25525 | None |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the filename parameter at /WorkFlow/OfficeFileDownload.aspx.
|
08-05-2024 - 17:05 | 08-05-2024 - 15:15 | |
CVE-2024-25526 | None |
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the project_id parameter at /ProjectManage/pm_gatt_inc.aspx.
|
08-05-2024 - 17:05 | 08-05-2024 - 15:15 | |
CVE-2024-25560 | None |
When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
08-05-2024 - 17:05 | 08-05-2024 - 15:15 |