Total
305841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43363 | 1 Cacti | 1 Cacti | 2024-10-17 | N/A | 7.2 HIGH |
| Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-48909 | 1 Authzed | 1 Spicedb | 2024-10-17 | N/A | 2.0 LOW |
| SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation path for their requests can return a permissionship of `CONDITIONAL` with context marked as missing, even then the context was supplied. LookupResources2 is the new default in SpiceDB 1.37.0 and has been opt-in since SpiceDB 1.35.0. The bug is patched as part of SpiceDB 1.37.1. As a workaround, disable LookupResources2 via the `--enable-experimental-lookup-resources` flag by setting it to `false`. | |||||
| CVE-2024-46898 | 1 Ss-proj | 1 Shirasagi | 2024-10-17 | N/A | 7.5 HIGH |
| SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests. | |||||
| CVE-2024-43541 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-17 | N/A | 7.5 HIGH |
| Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | |||||
| CVE-2024-43542 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-10-17 | N/A | 6.5 MEDIUM |
| Windows Mobile Broadband Driver Denial of Service Vulnerability | |||||
| CVE-2024-48779 | 2024-10-17 | N/A | 9.8 CRITICAL | ||
| An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the directory. | |||||
| CVE-2023-7294 | 1 Paytium | 1 Paytium | 2024-10-17 | N/A | 7.1 HIGH |
| The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to create a mollie payment profile. | |||||
| CVE-2024-39440 | 2 Google, Unisoc | 10 Android, S8000, T606 and 7 more | 2024-10-17 | N/A | 6.2 MEDIUM |
| In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed. | |||||
| CVE-2023-7293 | 1 Paytium | 1 Paytium | 2024-10-17 | N/A | 4.3 MEDIUM |
| The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to verify the existence of a mollie account. | |||||
| CVE-2023-7292 | 1 Paytium | 1 Paytium | 2024-10-17 | N/A | 4.3 MEDIUM |
| The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to dismiss admin notices. | |||||
| CVE-2024-39439 | 2 Google, Unisoc | 10 Android, S8000, T606 and 7 more | 2024-10-17 | N/A | 6.2 MEDIUM |
| In DRM service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | |||||
| CVE-2023-7291 | 1 Paytium | 1 Paytium | 2024-10-17 | N/A | 7.1 HIGH |
| The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to set up a mollie account. | |||||
| CVE-2023-7290 | 1 Paytium | 1 Paytium | 2024-10-17 | N/A | 4.3 MEDIUM |
| The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_for_verified_profiles function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to check profile statuses. | |||||
| CVE-2023-7289 | 1 Paytium | 1 Paytium | 2024-10-17 | N/A | 5.4 MEDIUM |
| The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized API key update due to a missing capability check on the paytium_sw_save_api_keys function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin API keys. | |||||
| CVE-2023-7287 | 1 Paytium | 1 Paytium | 2024-10-17 | N/A | 5.4 MEDIUM |
| The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized subscription cancellation due to a missing capability check on the pt_cancel_subscription function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to cancel a subscription to the plugin. | |||||
| CVE-2023-7288 | 1 Paytium | 1 Paytium | 2024-10-17 | N/A | 5.4 MEDIUM |
| The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_profile_preference function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-level access to change plugin settings. | |||||
| CVE-2024-43543 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-10-17 | N/A | 6.8 MEDIUM |
| Windows Mobile Broadband Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-39438 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-10-17 | N/A | 6.5 MEDIUM |
| In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. | |||||
| CVE-2024-39437 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-10-17 | N/A | 6.5 MEDIUM |
| In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. | |||||
| CVE-2024-43544 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-10-17 | N/A | 7.5 HIGH |
| Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability | |||||