Total
1731 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50486 | 1 Acnoo | 1 Flutter Api | 2024-10-29 | N/A | 9.8 CRITICAL |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through 1.0.5. | |||||
| CVE-2024-42017 | 2024-10-29 | N/A | 10.0 CRITICAL | ||
| An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication. | |||||
| CVE-2024-10002 | 1 Roveridx | 1 Rover Idx | 2024-10-25 | N/A | 8.8 HIGH |
| The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in to administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906. | |||||
| CVE-2024-48442 | 2024-10-25 | N/A | 6.5 MEDIUM | ||
| Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication. | |||||
| CVE-2024-26519 | 2024-10-23 | N/A | 9.0 CRITICAL | ||
| An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component. | |||||
| CVE-2024-49328 | 1 Vivektamrakar | 1 Wp Rest Api Fns | 2024-10-23 | N/A | 9.8 CRITICAL |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0. | |||||
| CVE-2024-49604 | 1 Najeebmedia | 1 Simple User Registration | 2024-10-23 | N/A | 9.8 CRITICAL |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5. | |||||
| CVE-2024-43488 | 1 Microsoft | 1 Visual Studio Code | 2024-10-21 | N/A | 8.8 HIGH |
| Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. | |||||
| CVE-2024-21272 | 1 Oracle | 1 Mysql | 2024-10-21 | N/A | 7.5 HIGH |
| Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2024-49399 | 2024-10-18 | N/A | N/A | ||
| The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information. | |||||
| CVE-2024-48920 | 2024-10-18 | N/A | 9.1 CRITICAL | ||
| PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually. | |||||
| CVE-2024-47130 | 1 Gotenna | 1 Gotenna Pro | 2024-10-17 | N/A | 8.8 HIGH |
| The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. It is advised to update your app to the current release for enhanced encryption protocols. | |||||
| CVE-2024-9984 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | N/A | 9.8 CRITICAL |
| Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. | |||||
| CVE-2024-5749 | 2024-10-16 | N/A | 7.5 HIGH | ||
| Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials. | |||||
| CVE-2023-22650 | 2024-10-16 | N/A | 8.8 HIGH | ||
| A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s tokens still usable. | |||||
| CVE-2024-48771 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process | |||||
| CVE-2024-48768 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process | |||||
| CVE-2024-48776 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process | |||||
| CVE-2024-48775 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48773 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process | |||||