ID | CVSS | Summary | Last (major) update | Published
CVE-2024-32840 None
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
12-09-2024 - 22:35 12-09-2024 - 02:15
CVE-2024-32843 None
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
12-09-2024 - 22:35 12-09-2024 - 02:15
CVE-2024-32845 None
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
12-09-2024 - 22:35 12-09-2024 - 02:15
CVE-2024-32846 None
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
12-09-2024 - 22:35 12-09-2024 - 02:15
CVE-2024-32848 None
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
12-09-2024 - 22:35 12-09-2024 - 02:15
CVE-2024-34779 None
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
12-09-2024 - 22:35 12-09-2024 - 02:15
CVE-2024-34783 None
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
12-09-2024 - 22:35 12-09-2024 - 02:15
CVE-2024-34785 None
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
12-09-2024 - 22:35 12-09-2024 - 02:15
CVE-2024-29847 None
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
12-09-2024 - 22:35 12-09-2024 - 02:15
CVE-2024-32842 None
An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
12-09-2024 - 22:35 12-09-2024 - 02:15
CVE-2024-8751 None
A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respect
12-09-2024 - 22:15 12-09-2024 - 22:15
CVE-2024-8322 None
Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality.
12-09-2024 - 21:56 10-09-2024 - 21:15
CVE-2024-8321 None
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network.
12-09-2024 - 21:53 10-09-2024 - 21:15
CVE-2024-8441 None
An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM.
12-09-2024 - 21:53 10-09-2024 - 21:15
CVE-2024-8320 None
Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices.
12-09-2024 - 21:51 10-09-2024 - 21:15
CVE-2024-8191 None
SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
12-09-2024 - 21:50 10-09-2024 - 21:15
CVE-2024-6121 None
An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior ve
12-09-2024 - 21:42 22-07-2024 - 20:15
CVE-2024-41629 None
An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials.
12-09-2024 - 21:35 12-09-2024 - 18:15
CVE-2024-8695 None
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
12-09-2024 - 21:35 12-09-2024 - 18:15
CVE-2024-8696 None
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
12-09-2024 - 21:35 12-09-2024 - 18:15
CVE-2024-25270 None
An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data.
12-09-2024 - 21:35 12-09-2024 - 19:15
CVE-2024-34334 None
ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.
12-09-2024 - 21:35 12-09-2024 - 19:15
CVE-2024-34335 None
ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page.
12-09-2024 - 21:35 12-09-2024 - 19:15
CVE-2020-24061 None
Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script.
12-09-2024 - 21:35 12-09-2024 - 18:15
CVE-2023-27793 None
An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information.
12-09-2024 - 21:35 19-10-2023 - 21:15
CVE-2023-27795 None
An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key.
12-09-2024 - 21:35 19-10-2023 - 21:15
CVE-2023-30131 None
An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls.
12-09-2024 - 21:35 19-10-2023 - 21:15
CVE-2023-46227 None
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or che
12-09-2024 - 21:35 19-10-2023 - 10:15
CVE-2024-20430 None
A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths
12-09-2024 - 21:34 12-09-2024 - 20:15
CVE-2024-44459 None
A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption.
12-09-2024 - 21:34 12-09-2024 - 20:15
CVE-2024-44460 None
An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS).
12-09-2024 - 21:34 12-09-2024 - 20:15
CVE-2024-45607 None
whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyo
12-09-2024 - 21:34 12-09-2024 - 20:15
CVE-2024-6077 None
A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.
12-09-2024 - 21:34 12-09-2024 - 20:15
CVE-2024-8533 None
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.
12-09-2024 - 21:34 12-09-2024 - 20:15
CVE-2024-7960 None
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to f
12-09-2024 - 21:34 12-09-2024 - 21:15
CVE-2024-7961 None
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.
12-09-2024 - 21:34 12-09-2024 - 21:15
CVE-2024-34336 None
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality.
12-09-2024 - 21:34 12-09-2024 - 19:15
CVE-2024-36066 None
The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options
12-09-2024 - 21:34 12-09-2024 - 19:15
CVE-2024-45181 None
An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption.
12-09-2024 - 21:34 12-09-2024 - 19:15
CVE-2024-45182 None
An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service.
12-09-2024 - 21:34 12-09-2024 - 19:15
CVE-2024-45303 None
Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discours
12-09-2024 - 21:34 12-09-2024 - 19:15
CVE-2024-45383 None
A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which lead
12-09-2024 - 21:34 12-09-2024 - 19:15
CVE-2024-4472 None
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs.
12-09-2024 - 21:34 12-09-2024 - 19:15
CVE-2024-6678 None
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under c
12-09-2024 - 21:34 12-09-2024 - 19:15
CVE-2024-8311 None
An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.
12-09-2024 - 21:34 12-09-2024 - 19:15
CVE-2024-8641 None
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CI_JOB_TOKEN to obtain a GitLa
12-09-2024 - 21:34 12-09-2024 - 19:15
CVE-2024-39771 None
QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-mi
12-09-2024 - 21:34 28-08-2024 - 06:15
CVE-2024-43414 None
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner >=2.0.
12-09-2024 - 21:33 27-08-2024 - 18:15
CVE-2024-43783 None
The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions >=1.21.0 and < 1.52.1 are impacted by a denial of ser
12-09-2024 - 21:33 27-08-2024 - 18:15