Vulnerability Database & Alerts

| Platform | Affected Version(s) | Vulnerability | Severity | Full Post | Reporter | Date |
| --- | --- | --- | --- | --- | --- | --- |
|  |  | Authorization Bypass via Misused ServerConfig.PublicKeyCallback | Medium | View or Download | UNDERCODE | 2024-12-11 |
| Linux Kernel | Not specified (all versions before the fix) | Memory Leak (due to missing kfree_skb()) | Low (addressed in kernel updates) | View or Download | UNDERCODE | 2024-12-11 |
| GitLab CE/EE | All versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1 | Uncontrolled Resource Consumption (DoS) | Medium | View or Download | UNDERCODE | 2024-12-11 |
| Linux Kernel |  |  | Medium (CVSS v3 base score not available yet) | View or Download | UNDERCODE | 2024-12-11 |
| macOS Sonoma | All versions before 14.6 | Buffer Overflow (CVSS: High) | Critical | View or Download | UNDERCODE | 2024-12-11 |
| Linux Kernel | Unaffected versions not listed (all versions before the fix are assumed vulnerable) | Memory Leak (vsock sk_error_queue) | Medium (CVSS 3.x Base Score: 5.5) | View or Download | UNDERCODE | 2024-12-11 |
| kcp | Affected versions are prior to 0.26.1. | Impersonation vulnerability | Critical | View or Download | UNDERCODE | 2023-11-28 |
| SiYuan | <= 0.0.0-20241210012039-5129ad926a21 | Server-Side Template Injection (SSTI) | Moderate | View or Download | UNDERCODE | 2024-12-11 |
| SiYuan | <= 0.0.0-20241210012039-5129ad926a21 | Arbitrary File Read | High | View or Download | UNDERCODE | 2024-12-11 |
| SiYuan | <= 0.0.0-20241210012039-5129ad926a21 | Arbitrary File Write | High | View or Download | UNDERCODE | 2024-12-11 |
| Apple iOS, iPadOS, tvOS, and visionOS | Unaffected versions not listed (Update to the latest version is recommended) | Kernel Memory Corruption (CVE-2024-44277) | Critical | View or Download | UNDERCODE | 2024-12-11 |
| Linux Kernel | Not specified (all versions potentially affected) | Bluetooth handle release issue | Medium (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-12-11 |
|  |  | Downgrade |  | View or Download | UNDERCODE | 2024-12-11 |
| Apple Products (iOS, iPadOS, macOS, watchOS, visionOS) | Unaffected versions not listed (all prior versions potentially vulnerable) | Information Disclosure (CVE-2024-44278) | Critical | View or Download | UNDERCODE | 2024-12-11 |
| JFinalCMS | 1.0 | Server-Side Template Injection |  | View or Download | UNDERCODE | 2024-12-11 |
| Liferay Digital Experience Platform | Up to 7.4.3.15 | Remote Code Execution (RCE) | Critical | View or Download | UNDERCODE | 2024-12-11 |
| Kashipara E-learning Management System | v1.0 |  | Critical | View or Download | UNDERCODE | 2024-12-11 |
| Liferay Portal, Liferay DXP | 7.2.0 through 7.4.3.12 (Portal), all versions before update 9 (DXP 7.4), all versions before service pack 3 (DXP 7.3), all versions before fix pack 19 (DXP 7.2), and older unsupported versions. | Open Redirect (CVE-2024-25609) | Critical (CVSS: 6.1) | View or Download | UNDERCODE | 2024-12-11 |
| macOS | Not specified (potentially all versions before Ventura 13.7.1 and Sonoma 14.7.1) | PackageKit flaw allowing modification of protected file system areas (CVE-2024-44275) | Unknown (awaiting analysis) | View or Download | UNDERCODE | 2024-12-11 |
| Kashipara E-learning Management System | v1.0 | SQL Injection | Critical (CVSS score unavailable) | View or Download | UNDERCODE | 2024-12-11 |
| JFinalCMS | 1.0 | Cross-Site Request Forgery (CSRF) | Medium | View or Download | UNDERCODE | 2024-12-11 |
| Linux Kernel | Not specified | Undefined Behavior due to stack usage | Low (CVSS details not provided) | View or Download | UNDERCODE | 2024-12-11 |
| Linux Kernel | Not specified | Bluetooth handle overflow (CVE-2024-42132) | Low (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-12-11 |
| Linux Kernel (ARM) | Not specified | Cache Flushing Issue | Critical (CVSS details not provided) | View or Download | UNDERCODE | 2024-12-11 |
| OpenHarmony | Prior to 4.0.1 | Out-of-Bounds Read |  | View or Download | UNDERCODE | 2024-12-11 |
| Linux Kernel | Unaffected versions not mentioned | Use-after-free (UAF) in the sctp_v6_available() function | Critical (DoS) | View or Download | UNDERCODE | 2024-12-11 |
| Hewlett Packard Enterprise Insight Remote Support | (not specified) | Directory Traversal | CRITICAL (CVSS Score: 9.8) | View or Download | UNDERCODE | 2024-12-11 |
| Linux Kernel | Not specified | Unbalanced pm_runtime_enable! (CVE-2024-53134) | Medium | View or Download | UNDERCODE | 2024-12-11 |
| Linux Kernel | Not specified | Deadlock when accessing tmpfs over NFS | Medium (CVSS details not provided) | View or Download | UNDERCODE | 2024-12-11 |
| Huawei (exact platform unspecified) | (not specified) | Insufficient verification in system sharing pop-up module (CVE-2024-32989) | High (availability impact) | View or Download | UNDERCODE | 2024-12-11 |
| HarmonyOS | All versions before a patch is applied (specifically mentioned for 4.0.0 and 4.2.0) | Permission verification vulnerability in the system sharing pop-up module | MEDIUM (CVSS score: 6.1) | View or Download | UNDERCODE | 2024-12-11 |
| Apache Airflow | 2.8.0 - 2.8.2 (inclusive) | Incorrect Privilege Assignment | Moderate | View or Download | UNDERCODE | 2024-12-11 |
| HarmonyOS (all versions mentioned in the references are vulnerable) | Not specified | Out-of-bounds memory access |  | View or Download | UNDERCODE | 2024-12-11 |
| Apache Airflow | Before 2.9.2 | Use of Web Browser Cache Containing Sensitive Information | Medium | View or Download | UNDERCODE | 2024-12-11 |
| HarmonyOS | Not specified | Insufficient verification vulnerability in the baseband module | High | View or Download | UNDERCODE | 2024-12-11 |
|  |  |  | MEDIUM (CVSS 3.1 score: 6.2) | View or Download | UNDERCODE | 2024-12-11 |
| wpa_supplicant module (platform not specified) | Not specified | Permission verification vulnerability (CVE-2024-32991) | Critical (CVSS score not explicitly mentioned but the description indicates critical impact) | View or Download | UNDERCODE | 2024-12-11 |
| Linux Kernel | Unaffected versions not specified (all before the patch) | Privilege Escalation | Low | View or Download | UNDERCODE | 2024-12-11 |
|  |  | Missing outer runtime PM protection in drm/xe driver | Medium (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-12-11 |
|  |  | Local Privilege Escalation (SBAMSvc Link Following) | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-12-11 |
| Linux Kernel | Not specified (all versions using nilfs2 file system are potentially affected) | Null Pointer Dereference | Low (CVSS score might be available elsewhere) | View or Download | UNDERCODE | 2024-12-11 |
|  |  | Local Privilege Escalation | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-12-11 |
|  |  | Heap-based Buffer Overflow (CVE-2024-8025) | Critical | View or Download | UNDERCODE | 2024-12-11 |
| IBM Cognos Controller | 11.0.0, 11.0.1 | Malicious File Upload (CVE-2024-25019) | Critical | View or Download | UNDERCODE | 2024-12-11 |
| Visteon Infotainment System | N/A | Local Privilege Escalation (LPE) | Critical | View or Download | UNDERCODE | 2024-12-11 |
| Visteon Infotainment App SoC (System-on-Chip) | Not specified | Missing Immutable Root of Trust (Hardware Local Privilege Escalation) |  | View or Download | UNDERCODE | 2024-12-11 |
| Visteon Infotainment Systems | (not specified) | Command Injection (CVE-2024-8359) | High (CVSS score: 6.8) | View or Download | UNDERCODE | 2024-12-11 |
| IBM Cognos Controller | 11.0.0, 11.0.1 | Exposure of Sensitive Information | Not available (CVSS details not provided) | View or Download | UNDERCODE | 2024-12-11 |
| IBM Cognos Controller | 11.0.0, 11.0.1 | Unrestricted File Upload | Critical (CVSS 3.1 score not provided) | View or Download | UNDERCODE | 2024-12-11 |
| IBM Cognos Controller | 11.0.0, 11.0.1 | File Upload Vulnerability (CVE-2024-45676) | Critical | View or Download | UNDERCODE | 2024-12-11 |
| IBM Cognos Controller | 11.0.0, 11.0.1 | Weak Cryptographic Algorithms | Critical (CVSS details not provided) | View or Download | UNDERCODE | 2024-12-11 |
| Checkmk Exchange Plugin for MikroTik | 2.0.0 - 2.5.5 & 0.4a_mk - 2.0a | Improper Certificate Validation (CVE-2024-38861) | MEDIUM (CVSS v4.0: 4.9) | View or Download | UNDERCODE | 2024-12-11 |
| Multiple Apple products (iOS, iPadOS, macOS, watchOS, tvOS) | All versions before iOS/iPadOS 17.7, macOS 13.7, etc. (see NVD for specifics) | CVE-2024-44169 (Kernel Logic Issue) | Not specified (likely medium or high) | View or Download | UNDERCODE | 2024-12-11 |
| macOS | All versions before macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15 (patched) | Buffer overflow in Intel Graphics Driver (CVE-2024-44160) | Critical | View or Download | UNDERCODE | 2024-12-11 |
| Checkmk | Before 2.3.0p16 and 2.2.0p34 | Cross-Site Scripting (XSS) | MEDIUM (CVSS v3: 5.1) | View or Download | UNDERCODE | 2024-12-11 |
| Apple iOS | All versions before iOS 18 and iPadOS 18 (Vulnerable) | Authentication Bypass (CVE-2024-44202) | Critical | View or Download | UNDERCODE | 2024-12-11 |
| Wazifa System | 1.0 | Cross-site Scripting (XSS) | Medium (CVSS score: 5.3) | View or Download | UNDERCODE | 2024-12-11 |
| 1000 Projects Library Management System | 1.0 | SQL Injection (CVE-2024-12188) | Critical | View or Download | UNDERCODE | 2024-12-11 |
| PHPGurukul Complaint Management System | 1.0 | SQL Injection (CVE-2024-12230) | Critical | View or Download | UNDERCODE | 2024-12-11 |
| WeiYe-Jing datax-web | 2.1.1 | OS Command Injection (CVE-2024-12358) | Critical | View or Download | UNDERCODE | 2024-12-11 |
| TP-Link VN020 F3v(T) | TT_V6.2.1021 | Buffer Overflow | Critical | View or Download | UNDERCODE | 2024-12-11 |
| Online Class and Exam Scheduling System | 1.0 | SQL Injection (CWE-74, CWE-89) | Critical (CVSS v2: 6.5, CVSS v3: 6.3, CVSS v4: 5.3) | View or Download | UNDERCODE | 2024-12-11 |
| TOTOLINK EX1800T | 9.1.0cu.2112_B20220316 | Stack Overflow (CVE-2024-12352) | Medium | View or Download | UNDERCODE | 2024-12-11 |
| code-projects Online Notice Board | Up to 1.0 | Unrestricted File Upload | Critical (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) | View or Download | UNDERCODE | 2024-12-11 |
| SourceCodester Phone Contact Manager System | 1.0 | Improper Input Validation | Medium (CVSS v3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) | View or Download | UNDERCODE | 2024-12-11 |
| PHPGurukul Complaint Management System | 1.0 | SQL Injection (CVE-2024-12228) | Critical | View or Download | UNDERCODE | 2024-12-11 |
| SourceCodester Petrol Pump Management Software | 1.0 | Unrestricted File Upload | Critical (CVSS score not provided) | View or Download | UNDERCODE | 2024-12-11 |
| SourceCodester Best House Rental Management System | 1.0 | File Inclusion | Medium (CVSS v3: 4.3, CVSS v2: 5.0, CVSS v4: 6.9) | View or Download | UNDERCODE | 2024-12-11 |
| SourceCodester Phone Contact Manager System | 1.0 | Improper Input Validation | Medium (CVSS v3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) | View or Download | UNDERCODE | 2024-12-11 |
| Tenda Routers (FH451, FH1201, FH1202, FH1206) | Up to 20241129 | Null Pointer Dereference (in websReadEvent function of /goform/GetIPTV) | MEDIUM (CVSS score: 5.3) | View or Download | UNDERCODE | 2024-12-11 |
|  |  | Override leakage to global cache | Critical | View or Download | UNDERCODE | 2024-12-10 |
| Ruby on Rails |  | Cross-Site Scripting (XSS) | Low | View or Download | UNDERCODE | 2024-12-10 |
| peerigon/angular-expressions | Unaffected versions: >= 1.4.3 | Remote Code Execution (RCE) | Critical | View or Download | UNDERCODE | 2024-12-10 |
| wasmvm, cosmwasm-vm |  | (details not yet available) | Medium (Moderate + Likely) | View or Download | UNDERCODE | 2024-12-10 |
| CosmWasm VM | Multiple (see Affected Versions) | Unspecified (details pending) | Medium | View or Download | UNDERCODE | 2024-12-10 |
| Linux Kernel | Not specified (versions up to 6.11.3 are vulnerable) | Integer overflow in AMD display driver (CVE-2024-50177) | Medium | View or Download | UNDERCODE | 2024-12-10 |
| SourceCodester Simple Online Bidding System | 1.0 | SQL Injection | Critical (CVSS v3 Base Score: 5.3 - MEDIUM) | View or Download | UNDERCODE | 2024-12-10 |
| SourceCodester Simple Online Bidding System | 1.0 | Cross-Site Request Forgery (CSRF) | MEDIUM (CVSS score: 6.9) | View or Download | UNDERCODE | 2024-12-10 |
| SourceCodester Simple Online Bidding System | 1.0 | SQL Injection |  | View or Download | UNDERCODE | 2024-12-10 |
| SourceCodester Simple Online Bidding System | 1.0 | Cross-Site Request Forgery (CSRF) | MEDIUM | View or Download | UNDERCODE | 2024-12-10 |
| Linux Kernel | All versions with MPTCP enabled (potentially from 5.7 to later) | mptcp: handle consistently DSS corruption | Medium (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-12-10 |
| SourceCodester Simple Online Bidding System | 1.0 | SQL Injection | Critical (CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) | View or Download | UNDERCODE | 2024-12-10 |
| Hugo | >= 0.123.0, < 0.139.4 | Unescaped Attributes in Internal Templates | Moderate | View or Download | UNDERCODE | 2024-12-09 |
| Apache Superset | 2.0.0 to 4.1.0 (excluding 4.1.0) | Improper Authorization | High | View or Download | UNDERCODE | 2024-12-09 |
| Winter CMS | Affected versions | Twig Sandbox Bypass | Critical | View or Download | UNDERCODE | 2024-12-09 |
| idna | <= 0.5.0 | Punycode Spoofing (CVE- not mentioned) | Critical | View or Download | UNDERCODE | 2024-12-09 |
| League/CommonMark | Affected versions prior to 2.6.0 | Denial of Service (DoS) | Critical | View or Download | UNDERCODE | 2023-11-28 |
| HarmonyOS | Not specified (all versions before May 2024 patch are likely vulnerable) | Null Pointer Access (CVE-2024-32998) | Medium | View or Download | UNDERCODE | 2024-12-09 |
| HarmonyOS | Not specified (all versions before 17.5 are likely vulnerable) | Race condition in binder driver module (CVE-2024-32997) | High | View or Download | UNDERCODE | 2024-12-09 |
| (Multiple - see below) | (All versions before 17.5/10.5/14.5) | Logic Issue (CVE-2024-27816) | Critical | View or Download | UNDERCODE | 2024-12-09 |
| Huawei | EMUI 14, EMUI 13, HarmonyOS 4.2, HarmonyOS 4.0, HarmonyOS 3.1, HarmonyOS 3.0 (based on Huawei security bulletin) | PIN enhancement failures in the screen lock module | High | View or Download | UNDERCODE | 2024-12-09 |
|  |  | Cracking vulnerability in the OS security module |  | View or Download | UNDERCODE | 2024-12-09 |
| EMUI (Huawei) | Not specified | Improper Permission Control in Window Management | Medium | View or Download | UNDERCODE | 2024-12-09 |
| HarmonyOS | All versions before a fix is applied (specific versions not mentioned) | Cracking vulnerability in the OS security module | Medium (CVSS score: 6.4) | View or Download | UNDERCODE | 2024-12-09 |
| HarmonyOS | All versions (not specified) | Privilege Escalation due to permission control issue in the App Multiplier module | High | View or Download | UNDERCODE | 2024-12-09 |
| Apple Vision Pro | Not specified (versions before 1.1 are vulnerable) | Permissions Issue | Critical | View or Download | UNDERCODE | 2024-12-09 |
| macOS Sonoma | Not specified | Code Execution | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-12-09 |
| Apple Platforms (tvOS, iOS, iPadOS, macOS, watchOS) | Unaffected versions are tvOS 17.4, iOS 17.4, iPadOS 17.4, macOS Sonoma 14.4, and watchOS 10.4 or later. | CVE-2024-23293 - Spotlight vulnerability allowing access to sensitive user data through Siri with physical access. | Critical | View or Download | UNDERCODE | 2024-12-09 |
| Rockwell Automation Arena Simulation Software | Not specified | Heap-based memory buffer overflow | HIGH (CVSS v3 score: 7.8) | View or Download | UNDERCODE | 2024-12-09 |
| Rockwell Automation Arena Simulation software | Not specified | Memory buffer overflow | Critical (CVSS v3 score: 7.8, CVSS v4 score: 8.4) | View or Download | UNDERCODE | 2024-12-09 |
| Rockwell Automation Arena Simulation | All Versions (not specified) | Memory Buffer Overflow | Medium (CVSS v3 score: 4.4) | View or Download | UNDERCODE | 2024-12-09 |
| Palo Alto Networks PAN-OS (with Captive Portal enabled) | Not specified | Reflected Cross-Site Scripting (XSS) - CVE-2024-0011 | MEDIUM (CVSS v3 score: 4.3) | View or Download | UNDERCODE | 2024-12-09 |
| Palo Alto Networks PAN-OS |  | Reflected Cross-Site Scripting (XSS) - CVE-2024-0010 | MEDIUM (CVSS score: 4.3) | View or Download | UNDERCODE | 2024-12-09 |
| Rockwell Automation Arena Simulation | All versions (not specified) | Arbitrary Code Execution | Critical (CVSS v3: 7.8, CVSS v4: 8.4) | View or Download | UNDERCODE | 2024-12-09 |
|  | Not specified (all versions before iOS 17.4, iPadOS 17.4, macOS Monterey 12.7.4, etc. are vulnerable) | Validation Issue | High | View or Download | UNDERCODE | 2024-12-09 |
| macOS Sonoma | All versions before 14.4 | Improper handling of temporary files (CVE-2024-23287) | Critical | View or Download | UNDERCODE | 2024-12-09 |
| Apple GarageBand | All versions before 10.4.11 (Vulnerable) | Use-after-free | Critical (CVSS score not provided) | View or Download | UNDERCODE | 2024-12-09 |
| macOS, iOS, iPadOS | (Unaffected versions not specified) | Incomplete data redaction in log entries | Critical (An app may be able to access user-sensitive data) | View or Download | UNDERCODE | 2024-12-09 |
| macOS (various versions) | Not specified | Memory Corruption | Critical | View or Download | UNDERCODE | 2024-12-09 |
| Apple (iOS, iPadOS, macOS, watchOS) | All versions before iOS 16.7.6, iPadOS 16.7.6, iOS 17.4, iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4 | Lock Screen Bypass via Siri | Critical | View or Download | UNDERCODE | 2024-12-09 |
| Apple iOS | All versions before 16.7.6 and 17.4 | System Notification Spoofing | Critical (CVSS score unavailable) | View or Download | UNDERCODE | 2024-12-09 |
|  |  | Remote Code Execution (RCE) | Critical (unauthenticated attacker can execute arbitrary code) | View or Download | UNDERCODE | 2024-12-09 |
| WhatsUp Gold | Before 2023.1.2 | Server-Side Request Forgery (SSRF) | MEDIUM | View or Download | UNDERCODE | 2024-12-09 |
| WhatsUp Gold | Before 2023.1.2 | SSRF | Medium (CVSS v3 score: 4.2) | View or Download | UNDERCODE | 2024-12-09 |
| WhatsUp Gold | Before 24.0.1 | SQL Injection (CVE-2024-46906) | Critical (CVSS score: 8.8) | View or Download | UNDERCODE | 2024-12-09 |
| Drupal Core | Vulnerable versions | Improper Error Handling | Moderate | View or Download | UNDERCODE | 2024-12-07 |
| Android | Affected versions are prior to 2.3.4. | Deserialization vulnerability | Low | View or Download | UNDERCODE | 2024-12-07 |
|  |  |  | Moderate | View or Download | UNDERCODE | 2024-12-07 |
| `path-to-regexp` | 0.1.x | ReDoS | Moderate | View or Download | UNDERCODE | 2024-12-07 |
|  | (not specified in the article) | HTML Injection (CVE-2024-54128) | Critical | View or Download | UNDERCODE | 2024-12-07 |
| PyO3 | 0.23.0 to 0.23.2 | Build corruption | Moderate | View or Download | UNDERCODE | 2024-12-07 |
| pprof | (Unaffected versions not specified) | Unsound memory access due to type mismatch and misalignment | Low | View or Download | UNDERCODE | 2024-12-07 |
| linkme | Affected versions | Type Mismatch | Low | View or Download | UNDERCODE | 2024-12-07 |
| Drupal Core | >= 10.1.0, = 10.2.0, < 10.2.2 | Denial of Service | High | View or Download | UNDERCODE | 2024-12-07 |
| Solana Web3.js | 1.95.6 and 1.95.7 | Supply chain attack leading to private key theft | Critical | View or Download | UNDERCODE | 2024-12-07 |
| anstream (Rust) | < 0.6.8 | Unsoundness | Moderate | View or Download | UNDERCODE | 2024-12-07 |
| GitHub CLI | Not specified (versions before 2.63.1) | Path Traversal | Moderate | View or Download | UNDERCODE | 2024-12-07 |
| PAN-OS |  | Privilege Escalation | MEDIUM | View or Download | UNDERCODE | 2024-12-07 |
| Metabase | Affected versions include 0.40.4 and earlier, and 1.40.4 and earlier. | Local File Inclusion (LFI) | Critical (CVSS Score: 10.0) | View or Download | UNDERCODE | 2024-12-07 |
| Windows | Multiple Windows versions are affected. | Elevation of Privilege | HIGH | View or Download | UNDERCODE | 2024-12-07 |
| Atlassian Jira Server and Data Center | Before 8.5.14, 8.6.0-8.13.6, 8.14.0-8.16.1 | Path Traversal | Critical | View or Download | UNDERCODE | 2021-03-16 |
| Safari, iOS, iPadOS, macOS, visionOS | Affected versions are older than Safari 18.1.1, iOS 17.7.2, iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1, iPadOS 18.1.1, visionOS 2.1.1. | Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-12-07 |
| Kemp LoadMaster | All versions before 7.2.48.10, 7.2.54.8, 7.2.59.2 | Unauthenticated Command Injection | Critical (CVSS v3 score: 10.0) | View or Download | UNDERCODE | 2024-12-07 |
| vCenter Server | Affected versions are not explicitly mentioned. | Heap-overflow vulnerability in the DCERPC protocol implementation. | Critical (CVSS Score: 9.8) | View or Download | UNDERCODE | 2024-12-07 |
| Palo Alto Networks Expedition | (Not specified) | SQL Injection (CVE-2024-9465) | Critical (CVSS score: 9.2) | View or Download | UNDERCODE | 2024-12-07 |
| Zyxel ATP Series, USG FLEX Series, USG FLEX 50(W) Series, and USG20(W)-VPN Series | V5.00 through V5.38 | Directory Traversal | HIGH | View or Download | UNDERCODE | 2024-12-07 |
| Oracle Agile PLM Framework | 9.3.6 | Information Disclosure | High | View or Download | UNDERCODE | 2024-12-07 |
| ProjectSend | Prior to r1720 | Improper Authentication | Critical (CVSS Score: 9.8) | View or Download | UNDERCODE | 2024-12-07 |
| Not specified (WebKit is used across various Apple products) | Versions prior to those mentioned above (specific versions not provided) | Sandbox Escape (Critical) | Critical | View or Download | UNDERCODE | 2024-12-06 |
| Apple iOS, iPadOS, macOS | Versions before iOS 17.4, iPadOS 17.4, and macOS Sonoma 14.4 | Authentication Bypass in Hidden Photos Album | Critical (CVSS details not shown in excerpt) | View or Download | UNDERCODE | 2024-12-06 |
| Apple (mentioned in source) | Not specified (all versions before the fixed ones are vulnerable) | Race Condition (mentioned in description) | High (implied by potential access to user-sensitive data) | View or Download | UNDERCODE | 2024-12-06 |
| Zyxel USG FLEX H Series | uOS versions up to (excluding) 1.30 | Insufficiently protected credentials | Critical (CVSS v3 score details not provided) | View or Download | UNDERCODE | 2024-12-06 |
| iOS, iPadOS, tvOS, watchOS, macOS (all versions before the mentioned fixes) | Not applicable (all versions before the fixes) | Unrestricted Microphone Access |  | View or Download | UNDERCODE | 2024-12-06 |
| macOS Sonoma | Not specified (all versions before 14.4 are vulnerable) | Improper memory handling | Medium (allows denial-of-service or potential information disclosure) | View or Download | UNDERCODE | 2024-12-06 |
| macOS Sonoma | (Not specified in the provided text) | Memory Access Issue | Critical (CVE-2024-23249) | View or Download | UNDERCODE | 2024-12-06 |
| Apple iOS | Versions before 17.4 | Shake-to-Undo information disclosure (CVE-2024-23240) | Critical | View or Download | UNDERCODE | 2024-12-06 |
| macOS | Sonoma 14.4, Monterey 12.7.4 (Unaffected versions not listed) | Privilege Escalation | Critical | View or Download | UNDERCODE | 2024-12-06 |
| macOS Sonoma | Before 14.4 | Permissions Issue (CVE-2024-23253) | Low | View or Download | UNDERCODE | 2024-12-06 |
| macOS | Not specified (all versions vulnerable before macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5) | Out-of-bounds write in Kerberos v5 PAM module | Critical (CVSS v3.1: CISA-ADP AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) | View or Download | UNDERCODE | 2024-12-06 |
| (see below) | (see below) | Information Leakage |  | View or Download | UNDERCODE | 2024-12-06 |
| macOS | Sonoma 14.4, Monterey 12.7.4, Ventura 13.6.5 (all prior versions are vulnerable) | Improper Memory Handling (Code Execution) | Critical | View or Download | UNDERCODE | 2024-12-06 |
| Directus | Not specified (update to latest version) | Client-Side HTML Injection (CVE-2024-54128) | Critical | View or Download | UNDERCODE | 2024-12-05 |
| sigstore-java |  |  | Low (for non-monitors/witnesses) | View or Download | UNDERCODE | 2024-12-05 |
| Drupal Core | N/A | Improper Error Handling | Moderate | View or Download | UNDERCODE | 2024-12-05 |
| Drupal Core | 10.1.0 - 10.1.7, 10.2.0 - 10.2.1 | Denial of Service | High | View or Download | UNDERCODE | 2024-12-05 |
| Apache Hive | 4.0.0-alpha-1 | Deserialization of untrusted data | High | View or Download | UNDERCODE | 2024-12-05 |
| Perl (App::cpanminus package) | Up to 1.7047 | Insecure HTTP Download | Critical (CVSS 3.0: 9.8/10) | View or Download | UNDERCODE | 2024-12-05 |
|  |  |  | Low | View or Download | UNDERCODE | 2024-12-05 |
| PyO3 | 0.23.0 - 0.23.2 | Build Corruption | Moderate | View or Download | UNDERCODE | 2024-12-05 |
| Microsoft Brokering File System (Platform details not specified) | (Version information not provided) | Elevation of Privilege | HIGH (CVSS v3 Base Score: 7.8) | View or Download | UNDERCODE | 2024-12-05 |
| Dell Secure Connect Gateway (SCG) Policy Manager | All | Stored Cross-Site Scripting (XSS) | HIGH | View or Download | UNDERCODE | 2024-12-05 |
| Rpgp | All versions prior to 0.14.1 | Multiple vulnerabilities leading to denial-of-service | Critical | View or Download | UNDERCODE | 2024-12-05 |
| Spring LDAP | All versions before 2.4.0, 2.4.0 through 2.4.3, 3.0.0 through 3.0.9, 3.1.0 through 3.1.7, 3.2.0 through 3.2.7 | Information Exposure | Moderate (CVE-2024-38829) | View or Download | UNDERCODE | 2024-12-04 |
| Anstream (platform unspecified) | Not specified | Unhandled Character Encoding |  | View or Download | UNDERCODE | 2024-12-04 |
| Apache HTTP Server | Affected versions include 2.4.49 and earlier. | A remote code execution vulnerability that can be exploited to execute arbitrary code on the server. | Critical | View or Download | UNDERCODE | 2024-12-04 |
| Linkme | Affected versions | Type Mismatch | Low | View or Download | UNDERCODE | 2024-12-04 |
| Checkmk | Up to 2.0.0, specific 2.1.0 and 2.2.0 versions | Multiple vulnerabilities (CVE-2023-43277, CVE-2023-43278, CVE-2023-43279) | High (CVE-2023-43277), Medium (CVE-2023-43278, CVE-2023-43279) | View or Download | UNDERCODE | 2024-12-04 |
| PDF-XChange Editor | (not specified) | Out-of-Bounds Read Information Disclosure |  | View or Download | UNDERCODE | 2024-12-04 |
| Adobe Animate | 24.0 and earlier (including 23.0.3) | Out-of-Bounds Read (CVE-2024-20762) | MEDIUM (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-12-04 |
| Zabbix Server | Not specified (all versions before 6.4.16rc1 and 7.0.0 are vulnerable) | Code Injection (CWE-94) | Critical (CVSS score: 9.9) | View or Download | UNDERCODE | 2024-12-04 |
| Adobe Animate | 23.0.4 and earlier | Out-of-bounds read (CVE-2024-20797) | Critical (CVSS score: 7.8) | View or Download | UNDERCODE | 2024-12-04 |
| Adobe Animate | 23.0.4 and earlier | Out-of-bounds read (CVE-2024-20796) | Medium (CVSS 3.1 base score: 5.5) | View or Download | UNDERCODE | 2024-12-04 |
| GitHub CLI | Prior to 2.63.1 | Path Traversal | Critical | View or Download | UNDERCODE | 2024-12-04 |
| CyberPanel | Before 1c0c6cb (through 2.3.6 and unpatched 2.3.7) | Command Injection | Critical (CVSS score: 10.0) | View or Download | UNDERCODE | 2024-12-04 |
Adobe Experience ManagerVersions 6.5.19 and earlier (not specified)Stored Cross-Site Scripting (XSS)Medium (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)MEDIUM (CVSS 3.x Base Score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)Medium (CVSS v3 base score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)MEDIUM (CVSS 3.1 base score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)MEDIUM (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
ChargePoint Home Flex(Not specified in the article)Denial-of-Service (DoS)MEDIUM (CVSS score: 4.3)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)MEDIUMView or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)MEDIUM (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
Trimble SketchUpAll versions (unaffected versions not specified yet)Stack-based buffer overflow remote code executionCriticalView or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)MEDIUM (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)MEDIUM (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
PDF-XChange EditorAll versions before a patch is released (information not yet available)Out-of-bounds read leading to remote code execution (RCE)High (CVSS v3 score to be determined)View or DownloadUNDERCODE2024-12-03
IBM QRadar Suite, IBM Cloud Pak for Security1.10.12.0 through 1.10.17.0 (QRadar Suite), 1.10.0.0 through 1.1.11.0 (Cloud Pak for Security)Information ExposureCritical (CVSS score details unavailable)View or DownloadUNDERCODE2024-12-03
Linux KernelNot specified (all versions using the iwlwifi driver are potentially vulnerable)Memory Error (improper response handling)Critical (CVE-2024-53059)View or DownloadUNDERCODE2024-12-03
Linux KernelNot specified (all versions potentially affected)Null pointer dereferenceCriticalView or DownloadUNDERCODE2024-12-03
HighView or DownloadUNDERCODE2024-12-03
code-projects FarmaciaUp to 1.0SQL InjectionCritical (CVSS score: 5.3 MEDIUM)View or DownloadUNDERCODE2024-12-03
CheckmkBelow 2.3.0p22, 2.2.0p37, and 2.1.0p50Information DisclosureMedium (CVSS v3: 6.5, CVSS v4: 5.7)View or DownloadUNDERCODE2024-12-03
element-hq/synapseBefore 1.106Unauthenticated Writes to Media RepositoryModerateView or DownloadUNDERCODE2024-12-03
element-hq/synapseBefore 1.120.1Malformed Invite Disrupts /sync FunctionalityHighView or DownloadUNDERCODE2024-12-03
SynapseBelow 1.120.1Unsupported content type handling (multipart/form-data)HighView or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)Medium (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
Stack-based Buffer Overflow (Remote Code Execution)Critical (CVSS score likely high)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierReflected Cross-Site Scripting (XSS)MediumView or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierReflected Cross-Site Scripting (XSS) (CWE-79)Important (CVSS Score: 5.4 - Medium)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierCross-Site Scripting (XSS)Medium (CVSS v3 score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)MEDIUM (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS) - CVE-2024-26038MEDIUM (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)Medium (CVSS 3.1 score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)MEDIUM (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
Zyxel ATP Series, USG FLEX Series, USG FLEX 50(W) Series, and USG20(W)-VPN SeriesV5.00 through V5.38Directory TraversalHIGHView or DownloadUNDERCODE2024-12-03
ProjectSendPrior to r1720Improper AuthenticationCritical (CVSS score: 9.8)View or DownloadUNDERCODE2024-12-03
Adobe InDesign Desktop19.0, 20.0 and earlierOut-of-bounds read (CVE-2024-49529)MEDIUM (CVSS 3.x Base Score: 5.5)View or DownloadUNDERCODE2024-12-03
Adobe Dreamweaver Desktop21.3 and earlierOS Command Injection (CVE-2024-30314)CriticalView or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierDOM-based Cross-Site Scripting (XSS)MEDIUM (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)MEDIUM (CVSS 3.x Base Score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Substance 3D Stager3.0.2 and earlierOut-of-bounds read (CVE-2024-52998)Medium (CVSS v3 score: 5.5)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS) - CVE-2024-26043MEDIUM (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierDOM-based XSS (Cross-Site Scripting)Medium (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored XSSMEDIUMView or DownloadUNDERCODE2024-12-03
Adobe Premiere Pro23.6.5, 24.4.1 and earlierUntrusted Search PathCriticalView or DownloadUNDERCODE2024-12-03
Adobe Experience Manager (AEM)6.5.20 and earlierStored Cross-Site Scripting (XSS)Medium (CVSS v3 score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.20 and earlierDOM-based XSS (CVE-2024-49524)MediumView or DownloadUNDERCODE2024-12-03
Adobe Experience Manager (AEM)6.5.19 and earlier (all versions before 6.5.20 are potentially vulnerable)DOM-based Cross-Site Scripting (XSS)MEDIUM (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Substance 3D Painter9.1.2 and earlierOut-of-bounds readImportant (CVSS Score: 5.5)View or DownloadUNDERCODE2024-12-03
Adobe Experience ManagerVersions 6.5.19 and earlier (information incomplete due to reanalysis)Stored Cross-Site Scripting (XSS)Medium (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe InDesign DesktopID18.5.2, ID19.3 and earlierNULL Pointer DereferenceImportant (CVSS Score: 5.5)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlier (all prior versions are vulnerable)Stored Cross-Site Scripting (XSS) (CVE-2024-26056)MEDIUM (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)MEDIUM (CVSS 3.x score: 5.4)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)MEDIUMView or DownloadUNDERCODE2024-12-03
Adobe Substance 3D Painter9.1.2 and earlierOut-of-bounds read (CVE-2024-30308)Important (CVSS Score: 5.5)View or DownloadUNDERCODE2024-12-03
Adobe InDesignID18.5.2, ID19.3 and earlierHeap-based Buffer Overflow (CVE-2024-39392)Critical (CVSS score: 7.8)View or DownloadUNDERCODE2024-12-03
Adobe Experience Manager6.5.19 and earlierStored Cross-Site Scripting (XSS)MEDIUM (CVSS score: 5.4)View or DownloadUNDERCODE2024-12-03
RailsRails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8 (Rails::HTML::Sanitizer 1.6.0 is vulnerable)XSSCriticalView or DownloadUNDERCODE2024-12-03

Rails

Rails >= 7.1.0 & Rails::HTML::Sanitizer 1.6.0

Cross-Site Scripting (XSS)

Medium

View or DownloadUNDERCODE2024-12-03
Potential XSS (Cross-Site Scripting)View or DownloadUNDERCODE2024-12-03
RailsRails >= 7.1.0 with Rails::HTML::Sanitizer 1.6.0XSSCriticalView or DownloadUNDERCODE2024-12-03
Mongoose< 8.8.3Search InjectionHighView or DownloadUNDERCODE2024-12-03

Rails::HTML::Sanitizer

1.6.0

XSS (Cross-Site Scripting)

Medium

View or DownloadUNDERCODE2024-12-03
| Adobe FrameMaker | 2020.5, 2022.3 and earlier (all versions before 2020.6 or 2022.4) | Out-of-bounds read (CVE-2024-30287) | Important (CVSS 3.x Base Score: 5.5) | View or Download | UNDERCODE | 2024-12-02 |
| Adobe FrameMaker | 2020.5, 2022.3 and earlier | Heap-Based Buffer Overflow (CVE-2024-30288) | Critical (CVSS Score: 7.8) | View or Download | UNDERCODE | 2024-12-02 |
| Adobe FrameMaker | 2020.5 and earlier (including 2022.3) | Out-of-bounds read (CVE-2024-30286) | Medium (CVSS score: 5.5) | View or Download | UNDERCODE | 2024-12-02 |
| Adobe Acrobat Reader | 20.005.30574 and earlier | Use After Free (CVE-2024-30284) | Critical (CVSS: 3.1 High - 7.8) | View or Download | UNDERCODE | 2024-12-02 |
| Adobe Acrobat Reader | Versions 20.005.30574, 24.002.20736 and earlier (fill in "all" if all versions are affected) | Use After Free | Critical (CVSS score: 7.8) | View or Download | UNDERCODE | 2024-12-02 |
| Adobe Acrobat Reader | All versions before 20.005.30635 and 24.002.20759 | Improper Access Control (CVE-2024-34099) | HIGH (CVSS: 7.8) | View or Download | UNDERCODE | 2024-12-02 |
| Adobe Acrobat Reader | Versions before 20.005.30574 and 24.002.20736 | Out-of-bounds write vulnerability | HIGH (CVSS 3.1 base score: 7.8) | View or Download | UNDERCODE | 2024-12-02 |
| Adobe Acrobat Reader | 20.005.30574, 24.002.20736 and earlier | Out-of-Bounds Read | HIGH (CVSS 3.x Base Score: 7.8) | View or Download | UNDERCODE | 2024-12-02 |
| Adobe Acrobat Reader | Versions before 20.005.30635 and 24.002.20759 (inclusive) | Use After Free (CVE-2024-34095) | HIGH (CVSS v3 score: 7.8) | View or Download | UNDERCODE | 2024-12-02 |
| Adobe Acrobat Reader DC | 20.005.30539, 23.008.20470 and earlier | Use After Free (CVE-2024-30301) | Critical (CVSS 7.8) | View or Download | UNDERCODE | 2024-12-02 |
| Adobe Acrobat Reader | 20.005.30574, 24.002.20736 and earlier | Use After Free (CVE-2024-34100) | Critical (CVSS: 3.1/7.8) | View or Download | UNDERCODE | 2024-12-02 |
| Adobe Acrobat Reader | 20.005.30574, 24.002.20736 and earlier | Out-of-bounds read (CVE-2024-30311) | Medium | View or Download | UNDERCODE | 2024-12-02 |
| Adobe Acrobat Reader | 20.005.30574 and earlier | Out-of-bounds read (CVE-2024-30312) | Critical | View or Download | UNDERCODE | 2024-12-02 |
| Adobe Acrobat Reader | All versions before 20.005.30574 and 24.002.20736 | Out-of-bounds read (CVE-2024-34101) | Medium (CVSS 3.x Base Score: 5.5) | View or Download | UNDERCODE | 2024-12-02 |
| Adobe FrameMaker | 2020.5, 2022.3 and earlier (all versions before 2020.6 or 2022.4) | Out-of-Bounds Read (CVE-2024-30283) | Medium (CVSS score: 5.5) | View or Download | UNDERCODE | 2024-12-02 |
| `ruzstd` | Affected versions | Uninitialized and Out-of-Bounds Memory Reads | Moderate | View or Download | UNDERCODE | 2024-12-02 |
| Python-multipart | Affected versions | Denial of Service (DoS) | High | View or Download | UNDERCODE | 2024-12-02 |
| Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | MEDIUM (CVSS v3 score: 5.4) | View or Download | UNDERCODE | 2024-12-02 |
| Google Chrome | Before 122.0.6261.57 | Inappropriate implementation in Navigation | Critical (Chromium security severity: Medium) | View or Download | UNDERCODE | 2024-12-02 |
| Symfony | | Deserialization | High | View or Download | UNDERCODE | 2024-12-02 |
| Ant-Media-Server | 2.8.2 | Improper Output Neutralization for Logs | High | View or Download | UNDERCODE | 2024-12-02 |
| Symfony | Affected versions are not explicitly mentioned. It is recommended to upgrade to the latest version to mitigate the risk. | Authentication Bypass | Moderate | View or Download | UNDERCODE | 2024-12-02 |
| SimpleSAMLphp | All versions before 2.3.4, 2.2.4, 2.1.7, and 2.0.15 | XXE (XML External Entity) | Critical | View or Download | UNDERCODE | 2024-12-02 |
| N/A (Lettuce is a Java library) | Affected versions < 6.5.1.RELEASE | Netty vulnerability (CVE-TBD) | Moderate | View or Download | UNDERCODE | 2024-12-02 |
| Ibexa Admin UI | Affected versions are not explicitly mentioned. | Cross-site Scripting (XSS) | Moderate | View or Download | UNDERCODE | 2024-12-02 |
| SFTPGo | 2.3.0 to 2.6.3 | Brute Force Takeover of OpenID Connect Session Cookies | Moderate | View or Download | UNDERCODE | 2024-12-02 |
| SimpleSAMLphp SAML2 | (Unaffected versions not specified) | XXE | Moderate | View or Download | UNDERCODE | 2024-12-02 |
| Node.js | 10.0.4 | Prototype Pollution | Critical | View or Download | UNDERCODE | 2024-12-02 |
| Not specified | Not specified | Cache Confusion | Moderate | View or Download | UNDERCODE | 2024-12-02 |
| | Versions before 10.0.0 | Cross-Site Scripting (XSS) | Medium | View or Download | UNDERCODE | 2024-12-02 |
| veraPDF CLI | Affected versions are not explicitly specified. | XXE (XML External Entity Injection) | Low | View or Download | UNDERCODE | 2024-12-02 |
| SimpleSAMLphp | Not specified | XXE | High | View or Download | UNDERCODE | 2024-12-02 |
| (Not specified in the provided text) | libarchive versions before 3.7.5 | Out-of-bounds memory access in execute_filter_audio function | HIGH (CVSS v3 score: 7.8) | View or Download | UNDERCODE | 2024-12-02 |
| AMTT Hotel Broadband Operation System | Up to 3.0.3.151204 | SQL Injection (CVE-2024-11051) | Critical | View or Download | UNDERCODE | 2024-12-02 |
| Concert Ticket Ordering System | 1.0 | SQL Injection | | View or Download | UNDERCODE | 2024-12-02 |
| Team Plugins360 All-in-One Video Gallery | All versions up to 3.5.2 | Missing Authorization | HIGH | View or Download | UNDERCODE | 2024-12-02 |
| Veritas Enterprise Vault | Before 15.2 | Remote Code Execution | Critical (CVSS score: 9.8) | View or Download | UNDERCODE | 2024-11-29 |
| Veritas Enterprise Vault | Before 15.2 | Remote Code Execution (RCE) | Critical (CVSS 3.x score: 9.8) | View or Download | UNDERCODE | 2024-11-29 |
| Microsoft Windows | Not specified (all versions potentially affected) | Elevation of Privilege | HIGH (CVSS 3.1 base score: 7.0) | View or Download | UNDERCODE | 2024-11-29 |
| Open Management Infrastructure (OMI) | Not specified (all versions likely affected) | Remote Code Execution (RCE) | Critical (CVSS: 9.8) | View or Download | UNDERCODE | 2024-11-29 |
| .NET | 7.0 (<= 7.0.16), 8.0 (<= 8.0.2) | Denial of Service (DoS) | HIGH (CVSS score: 7.5) | View or Download | UNDERCODE | 2024-11-29 |
| | | Kerberos Security Feature Bypass | HIGH (CVSS 3.1 base score: 7.5) | View or Download | UNDERCODE | 2024-11-29 |
| WordPress | ProfileGrid plugin versions up to 5.9.3.6 | Unauthorized data modification | Medium (CVSS: 6.5) | View or Download | UNDERCODE | 2024-11-29 |
| | | | HIGH (CVSS: 7.0) | View or Download | UNDERCODE | 2024-11-29 |
| Microsoft Dynamics 365 (on-premises) | Not specified | Cross-site Scripting (XSS) | HIGH (CVSS v3 score: 7.6) | View or Download | UNDERCODE | 2024-11-29 |
| WordPress | Ashe theme versions up to 2.243 | Reflected Cross-Site Scripting (XSS) | MEDIUM (CVSS: 6.1) | View or Download | UNDERCODE | 2024-11-29 |
| WordPress Plugin - MailChimp Forms by MailMunch | All versions up to 3.2.3 (inclusive) | Reflected Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-29 |
| Veritas Enterprise Vault | Before 15.2 | Remote Code Execution (RCE) | Critical (CVSS v3 score: 9.8) | View or Download | UNDERCODE | 2024-11-29 |
| | | Out-of-Bounds Read Remote Code Execution (RCE) | Critical (CVSS v3 score: 7.8) | View or Download | UNDERCODE | 2024-11-29 |
| PDF-XChange Editor | (not specified in available information) | Out-of-Bounds Write Remote Code Execution | HIGH (CVSS score: 7.8) based on Zero Day Initiative (ZDI) | View or Download | UNDERCODE | 2024-11-29 |
| | | | Medium | View or Download | UNDERCODE | 2024-11-29 |
| PDF-XChange Editor | All versions before a patch is released | Information Disclosure | | View or Download | UNDERCODE | 2024-11-22 |
| PDF-XChange Editor | Not specified (all versions before a patch is released are vulnerable) | Out-of-Bounds Read Remote Code Execution | HIGH | View or Download | UNDERCODE | 2024-11-29 |
| PDF-XChange Editor | (information not available) | Out-of-bounds read remote code execution (RCE) | Critical (CVSS v3.0 base score likely high) | View or Download | UNDERCODE | 2024-11-29 |
| | | EMF File Parsing Out-Of-Bounds Read | LOW (CVSS: 3.3) | View or Download | UNDERCODE | 2024-11-29 |
| | | Out-of-Bounds Read Remote Code Execution (RCE) in XPS parsing | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-11-29 |
| Foxit PDF Reader | All versions (unspecified) | Out-of-Bounds Read Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-29 |
| Foxit PDF Reader | Not specified in this source | Annotation Use-After-Free | Critical | View or Download | UNDERCODE | 2024-11-29 |
| | | Local Privilege Escalation | Critical | View or Download | UNDERCODE | 2024-11-29 |
| Foxit PDF Reader (all versions) | Not specified | Incorrect Permission Assignment in Update Service (Local Privilege Escalation) | Critical | View or Download | UNDERCODE | 2024-11-29 |
| Foxit PDF Reader | All versions (not specified) | Out-of-Bounds Read Information Disclosure | Critical | View or Download | UNDERCODE | 2024-11-29 |
| | | Annotation Use-After-Free Remote Code Execution | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-11-29 |
| | | Annotation Out-of-Bounds Read | Critical | View or Download | UNDERCODE | 2024-11-29 |
| | | Out-of-Bounds Write Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-29 |
| SolarWinds Web Help Desk (WHD) | Not specified in the provided information. | Hardcoded Credentials | Critical (CVSS score: 9.1) | View or Download | UNDERCODE | 2024-11-29 |
| SolarWinds Serv-U | All versions up to 15.4.2 Hotfix 1 | Directory Traversal | Critical | View or Download | UNDERCODE | 2024-11-29 |
| D-Link NAS devices (DNS-320L, DNS-325, DNS-327L, DNS-340L) | All versions up to April 3rd, 2024 (EOL) | Command Injection (CVE-2024-3273) | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-11-29 |
| Windows (10 and above), Windows Server (2016 and later) | Not specified | Heap-based buffer overflow in DWM Core Library | HIGH (CVSS v3 score: 7.8) | View or Download | UNDERCODE | 2024-11-29 |
| Android | All versions (initially reported on Pixel devices but affects all) | Privilege Escalation (CVE-2024-32896) | Critical | View or Download | UNDERCODE | 2024-11-29 |
| IrfanView | All versions | Heap-based buffer overflow due to SVG file parsing | Critical (CVSS score: 7.8) | View or Download | UNDERCODE | 2024-11-29 |
| IrfanView | All versions (unaffected version not specified) | Out-of-Bounds Read Remote Code Execution (RCE) | | View or Download | UNDERCODE | 2024-11-29 |
| IrfanView | All versions | DXF File Parsing Type Confusion Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-29 |
| | | | Critical | View or Download | UNDERCODE | 2024-11-29 |
| Foxit PDF Reader | All versions up to (including) 13.1.3 (Windows) & 13.1.2 (Mac) | Use-After-Free Remote Code Execution (RCE) | Critical | View or Download | UNDERCODE | 2024-11-29 |
| Microsoft Windows Kernel | Not specified | Time-Of-Check Time-Of-Use (TOCTOU) race condition | Critical (CVSS score: 7.0) | View or Download | UNDERCODE | 2024-11-29 |
| Windows MSHTML Platform | (Not specified in the provided information) | Security Feature Bypass | Critical (CVSS v3 score: 8.8) | View or Download | UNDERCODE | 2024-11-29 |
| Oracle CRM Technical Foundation (Oracle E-Business Suite) | 12.2.3 - 12.2.13 | Partial Denial of Service (DoS) | Medium (CVSS 3.1 Base Score: 4.3) | View or Download | UNDERCODE | 2024-11-29 |
| JD Edwards EnterpriseOne Tools | Prior to 9.2.8.1 | Information Disclosure | Critical | View or Download | UNDERCODE | 2024-11-29 |
| Oracle MySQL Server | 8.0.35 and prior, 8.2.0 and prior | Privilege Escalation (CVE-2024-20964) | Critical (CVSS 3.1 Base Score: 5.3) | View or Download | UNDERCODE | 2024-11-29 |
| Hugging Face Transformers | Not specified | Deserialization of Untrusted Data (Remote Code Execution) | Critical | View or Download | UNDERCODE | 2024-11-28 |
| Hugging Face Transformers (MaskFormer model) | Not specified | Deserialization of Untrusted Data (Remote Code Execution) | Important | View or Download | UNDERCODE | 2024-11-28 |
| Linux Kernel | Not specified | Improper lock handling (CVE-2024-53086) | Moderate (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-28 |
| Linux Kernel | Not specified (potentially all versions with the vulnerable remoteproc driver) | Error Handling Vulnerability (CWE-755) | Low (CVSS v3 details not provided) | View or Download | UNDERCODE | 2024-11-28 |
| Linux Kernel | Not specified | Use-After-Free (UAF) | Moderate (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-28 |
| Linux Kernel | Not specified (all versions potentially affected) | Exec Queue Leak | Medium (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-28 |
| Linux Kernel | Not specified (versions 6.5 to 6.12 likely affected) | Uninitialized variables (hdr_len and txbuf_len) | Medium (CVSS 3.1 base score: 5.5) | View or Download | UNDERCODE | 2024-11-28 |
| Linux Kernel | Not specified (all versions potentially affected) | Race Condition | Moderate (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-28 |
| Linux Kernel | Not specified (all versions potentially affected) | Access to uninitialized variable in tick_ctx_cleanup() function | Medium (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-28 |
| Hugging Face Transformers (Library) | (Unaffected versions not specified yet) | Remote Code Execution (RCE) | Critical (CVSS score unavailable, but details suggest high severity) | View or Download | UNDERCODE | 2024-11-28 |
| Linux kernel | Not specified (likely impacts specific kernel versions) | Improper use of use_count in media:qcom:camss:stop_streaming function | Medium (CVSS 3.x Base Score: 5.5) | View or Download | UNDERCODE | 2024-11-28 |
| Linux Kernel | Not specified (potential impact on all versions with Loongson 3 CPU support) | Improper Resource Handling (use of incorrect function) | Low | View or Download | UNDERCODE | 2024-11-28 |
| Linux Kernel | Not specified (all versions affected by commit de8548813824) | Race condition during group handle conversion | Medium (CVSS 3.x Base Score: 4.7) | View or Download | UNDERCODE | 2024-11-28 |
| Cilium | v1.16.0 - v1.16.3 (inclusive) | Layer 7 policy enforcement bypass with port ranges | Medium | View or Download | UNDERCODE | 2024-11-28 |
| MLflow | N/A | Privilege Escalation | High | View or Download | UNDERCODE | 2024-11-28 |
| deno_doc | (not specified) | Self-XSS | Low | View or Download | UNDERCODE | 2024-11-28 |
| Querydsl (with JPA) | Not specified (but vulnerable in versions up to 6.8.0) | HQL Injection (Blind) | Critical | View or Download | UNDERCODE | 2024-11-28 |
| SPEmailHandler-PHP | < 1.0.0 | Arbitrary Email Sending | High | View or Download | UNDERCODE | 2024-11-28 |
| Python | 0.1.13 | Credential Harvesting | High | View or Download | UNDERCODE | 2024-11-28 |
| sigstore-java | v1.0.0 | Improper verification of log entry in bundle verification (CVE-2024-53267) | Critical | View or Download | UNDERCODE | 2024-11-28 |
| libre-chat | 0.0.6 | Path Traversal | Moderate | View or Download | UNDERCODE | 2024-11-28 |
| lakeFS | Affected versions are not explicitly specified. | Privilege Escalation | Moderate | View or Download | UNDERCODE | 2024-11-28 |
| Jenkins | < 0.0.15 | Path Traversal | Moderate | View or Download | UNDERCODE | 2024-11-28 |
| Keycloak | 26 and earlier | Denial-of-Service (DoS) | Critical | View or Download | UNDERCODE | 2023-11-21 |
| Keycloak | | Sensitive Data Exposure | | View or Download | UNDERCODE | 2024-11-28 |
| Jenkins | 1.4.4 and earlier | Stored Cross-Site Scripting (XSS) | High | View or Download | UNDERCODE | 2024-11-28 |
| GitHub CLI | Prior to 2.63.0 | Token Leak | Critical | View or Download | UNDERCODE | 2024-11-28 |
| Devolutions.XTS.NET | All versions | Timing Attack | Moderate | View or Download | UNDERCODE | 2024-11-28 |
| Android (uses Apache ExternalStorageProvider) | Unaffected versions not specified (potential for widespread impact) | File Path Filter Bypass | Critical | View or Download | UNDERCODE | 2024-11-28 |
| Safari, iOS, iPadOS, macOS, visionOS | Affected versions prior to Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1 | Arbitrary Code Execution | Critical | View or Download | UNDERCODE | 2024-11-28 |
| vCenter Server | Affected versions | Privilege Escalation | HIGH | View or Download | UNDERCODE | 2024-11-28 |
| Oracle Agile PLM Framework | 9.3.6 | Information Disclosure | HIGH | View or Download | UNDERCODE | 2024-11-28 |
| | | SQL Injection (CVE-2024-9465) | Critical (CVSS score: 9.2) | View or Download | UNDERCODE | 2024-11-28 |
| CyberPanel (aka Cyber Panel) | Before 5b08cd6d53f4dbc2107ad9f555122ce8b0996515 (versions through 2.3.6 and unpatched 2.3.7) | Remote Code Execution (RCE) | Critical (CVSS 10.0) | View or Download | UNDERCODE | 2024-11-28 |
| Progress Kemp LoadMaster | All versions after 7.2.48.1 (including LoadMaster Multi-Tenant VFNs) | Unauthenticated Command Injection | CRITICAL | View or Download | UNDERCODE | 2024-11-28 |
| | | Missing Authentication | Critical (CVSS score: 9.3) | View or Download | UNDERCODE | 2024-11-28 |
| | | NTLMv2 Hash Disclosure Spoofing | | View or Download | UNDERCODE | 2024-11-28 |
| Cisco Adaptive Security Appliance (ASA) | Not specified | Cross-site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-28 |
| Palo Alto Networks PAN-OS | | | | View or Download | UNDERCODE | 2024-11-28 |
| Windows | Multiple versions affected | Elevation of Privilege | High | View or Download | UNDERCODE | 2024-11-28 |
| Apple Products (Safari, iOS, iPadOS, macOS, visionOS) | Affected versions include Safari 18.1, iOS 17.7, iPadOS 17.7, macOS Sonoma 15.1, iOS 18.1, iPadOS 18.1, and visionOS 2.1. | Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-28 |
| Hugging Face Transformers MaskFormer Model | All versions before a fix is applied | Deserialization of Untrusted Data Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Not specified (the vulnerability was identified in a pre-release version) | Suspicious RCU usage in ip_tunnel_find() function | Medium | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Not specified (all versions potentially affected) | Memory Corruption in drm/vc4 driver | Moderate (CVSS v3 score to be determined) | View or Download | UNDERCODE | 2024-11-27 |
| go-gh | Prior to 2.11.1 | Improper Token Handling | Moderate | View or Download | UNDERCODE | 2024-11-27 |
| GitHub CLI | Prior to 2.63.0 | Token Leak | Critical | View or Download | UNDERCODE | 2024-11-27 |
| SPEmailHandler-PHP | < 1.0.0 | Arbitrary Email Sending | High | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Unaffected versions not specified yet (Needs Evaluation for most Ubuntu versions) | Use-after-free (accessing uninitialized variable) | Moderate (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Not specified (potentially all versions with qcom:camss driver) | Incorrect usage of reference counter in qcom:camss driver (CVE-2024-50175) | Moderate | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Not specified (versions 6.10 to 6.12 likely affected) | Race condition (CVE-2024-50174) | Moderate (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-27 |
| ServiceNow Vancouver | Multiple | Remote Code Execution (RCE) | Critical | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Not specified (all versions before the fix are potentially vulnerable) | Exec Queue Leak | Medium (CVSS score details not yet available) | View or Download | UNDERCODE | 2024-11-27 |
| Google Chrome | Prior to 124.0.6367.207 | Out-of-bounds write in V8 JavaScript engine | Critical (High in Chromium) | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Not specified | Resource Leak due to Object Reference Loop | Medium | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Not specified | Race condition in TPM suspension (CVE-2024-53085) | Moderate (CVSS score details not provided) | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Not specified (all versions using the vulnerable cpufreq driver) | cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request() (CVE-2024-50178) | Critical | View or Download | UNDERCODE | 2024-11-27 |
| Apple Safari, iOS, iPadOS, macOS Sequoia | All versions before Safari 18.1.1, iOS 17.7.2, iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1, iPadOS 18.1.1, and visionOS 2.1.1 | Code Execution (CVE-2024-44308) | Critical | View or Download | UNDERCODE | 2024-11-27 |
| Google Chrome | Prior to 124.0.6367.201 | Use After Free in Visuals | High | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Not specified | Improper Error Handling (remoteproc driver) | Moderate (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Not specified | Uninitialized variable (hdr_len, txbuf_len) | Medium | View or Download | UNDERCODE | 2024-11-27 |
| ServiceNow Now Platform | All versions before Xanadu General Availability (vague) | Sandbox Escape (allows remote code execution) | Critical (CVSS score: 9.3) | View or Download | UNDERCODE | 2024-11-27 |
| Jenkins | < 0.0.15 | Path Traversal | Moderate | View or Download | UNDERCODE | 2024-11-27 |
| Querydsl | Not specified (vulnerable since initial versions) | HQL Injection | Critical | View or Download | UNDERCODE | 2024-11-27 |
| Devolutions.XTS.NET | All versions before 2024.11.26 | Timing Attack (CVE-2024-11862) | Moderate | View or Download | UNDERCODE | 2024-11-27 |
| Google Chrome | Before 125.0.6422.112 | Type Confusion in V8 JavaScript Engine | | View or Download | UNDERCODE | 2024-11-27 |
| Google Chrome | Prior to 128.0.6613.84 (Unaffected versions not specified) | Type Confusion (CVE-2024-7971) | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Not specified | Bounds checking error in snd_soc_dapm_widget_list | Medium | View or Download | UNDERCODE | 2024-11-27 |
| Oracle WebCenter Portal (Oracle Fusion Middleware) | 12.2.1.4.0 (affected version) | Unauthorized access (update, insert, delete, read) to some of Oracle WebCenter Portal data | Medium (CVSS v3 score: 4.4) | View or Download | UNDERCODE | 2024-11-27 |
| Oracle Agile Product Lifecycle Management for Process | Prior to 6.2.4.2 | Unauthenticated remote code execution | Critical (CVSS 3.1 Base Score: 7.3) | View or Download | UNDERCODE | 2024-11-27 |
| MySQL Server | 8.0.35 and prior, 8.2.0 and prior | Server : Security : Firewall | Medium | View or Download | UNDERCODE | 2024-11-27 |
| Oracle BI Publisher | 6.4.0.0.0, 7.0.0.0.0 | Unauthorized access (update, insert, delete, read) | Critical (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Unaffected versions not specified (likely all before a patched version is released) | Integer underflow in PLL value checks for Samsung Arbiter 0521 sensor | Critical | View or Download | UNDERCODE | 2024-11-27 |
| Oracle Hospitality Simphony (component: Simphony Enterprise Server) | 19.1.0 - 19.5.4 | Easily exploitable via HTTP | Critical (CVSS 3.1 Base Score: 9.9) | View or Download | UNDERCODE | 2024-11-27 |
| Oracle MySQL Server | 8.0.36 and prior, 8.3.0 and prior | Information Schema flaw | Critical (CVSS score: 5.3) | View or Download | UNDERCODE | 2024-11-27 |
| Oracle WebLogic Server (Core component) | 12.2.1.4.0, 14.1.1.0.0 | Security Feature Bypass | Critical (CVSS 3.1 Base Score: 6.1) | View or Download | UNDERCODE | 2024-11-27 |
| Oracle E-Business Suite | 12.2.3 - 12.2.13 | Unauthorized data access | Medium (CVSS 3.1 Base Score: 5.3) | View or Download | UNDERCODE | 2024-11-27 |
| Oracle Solaris | 11 | Zone component vulnerability | Critical (CVSS score: 8.2) | View or Download | UNDERCODE | 2024-11-27 |
| Oracle MySQL Server | 8.0.35 and prior, 8.2.0 and prior (all versions before these are vulnerable) | Improper handling within the Optimizer component | Critical (CVSS 3.1 Base Score: 4.9) | View or Download | UNDERCODE | 2024-11-27 |
| Oracle E-Business Suite | 12.2.3 - 12.2.13 | CVE-2024-20958 | Medium (CVSS 3.1 Base Score: 5.4) | View or Download | UNDERCODE | 2024-11-27 |
| Oracle Database Sharding | 19.3-19.22 & 21.3-21.13 | An attacker with DBA privileges and network access can cause a partial denial-of-service (DoS). | Low (CVSS v3 base score: 2.4) | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Not specified | Buffer overflow in video capture when using more than 32 buffers. | Medium (CVSS v3.1: 5.5) | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Unaffected versions not specified (all before 6.11.8 likely vulnerable) | Missing buffer index check in dvb_vb2_expbuf() function | Low (CVSS v3 score not yet available) | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel (Xilinx axienet) | Not specified (affects specific platforms) | Race condition in network transmission | Moderate (CVSS: 5.5) | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Unaffected versions not listed (all potentially vulnerable) | Btrfs reference list handling error in `insert_delayed_ref()` | Low | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Not specified (all versions potentially affected) | Infinite Loop in filemap_read() | Medium (CVSS v3: 5.5) | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Not specified (all versions vulnerable before a fix is applied) | Crash due to invalid pointer access | Medium (CVSS score not yet assigned) | View or Download | UNDERCODE | 2024-11-27 |
| Linux Kernel | Not specified | Integer overflow in damon_feed_loop_next_input function | Moderate (CVSS score details might be available elsewhere) | View or Download | UNDERCODE | 2024-11-26 |
| Linux Kernel | (Unaffected versions not specified) | Improper IO Mapping Handling | High | View or Download | UNDERCODE | 2024-11-26 |
| CRI-O | | Malicious checkpoint file can lead to arbitrary node access | Moderate | View or Download | UNDERCODE | 2024-11-26 |
| TCPDF | 6.7.5 | Local File Inclusion (LFI) | Moderate | View or Download | UNDERCODE | 2024-11-26 |
| Tungsten Automation Power PDF | All versions (not specified) | Out-of-Bounds Read Remote Code Execution (RCE) in JP2 file parsing | Critical | View or Download | UNDERCODE | 2024-11-26 |
| Tungsten Automation Power PDF | All versions (not specified) | JPG File Parsing Out-Of-Bounds Read | Information Disclosure (allows attackers to see sensitive information) | View or Download | UNDERCODE | 2024-11-26 |
| Tungsten Automation Power PDF | All | JP2 File Parsing Out-Of-Bounds Read Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-26 |
| Tungsten Automation Power PDF | Not specified | Out-of-Bounds Read Information Disclosure | Not officially rated (CVSS information not yet available) | View or Download | UNDERCODE | 2024-11-26 |
| WordPress | Sirv plugin up to 7.3.0 | Unauthorized modification of data leading to Denial-of-Service (DoS) | Critical | View or Download | UNDERCODE | 2024-11-26 |
| WordPress Restaurant Menu – Food Ordering System Plugin | Up to and including 2.4.2 | Reflected Cross-Site Scripting (XSS) | Medium (CVSS v3: 6.1) | View or Download | UNDERCODE | 2024-11-26 |
| WordPress | Contact Form 7 Email Add On plugin <= 1.9 | Local File Inclusion | HIGH | View or Download | UNDERCODE | 2024-11-26 |
| WordPress | WooCommerce Product Table Lite plugin versions up to 3.8.6 | Arbitrary Shortcode Execution & Reflected Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-26 |
| FastStone Image Viewer | All versions before 7.8 are affected (unspecified in report) | Out-of-Bounds Write in GIF Parsing | Critical (Allows remote code execution) | View or Download | UNDERCODE | 2024-11-26 |
| Tungsten Automation Power PDF | (not specified) | Out-of-Bounds Read in PDF Parsing | Information Disclosure (Exploitation likely requires additional vulnerabilities) | View or Download | UNDERCODE | 2024-11-26 |
| PDF-XChange Editor (all versions) | Not applicable | Out-of-bounds write during PDF parsing | Critical | View or Download | UNDERCODE | 2024-11-26 |
| Perl (Imager package) | Before 1.0.25 | Heap-based buffer overflow | Critical (CVSS details not provided) | View or Download | UNDERCODE | 2024-11-26 |
| Ivanti Cloud Services Appliance (CSA) | 4.6 (before Patch 518) | OS Command Injection (CVE-2024-8190) | Critical | View or Download | UNDERCODE | 2024-11-26 |
| | | Use-After-Free leading to Remote Code Execution | Critical (allows attackers to take full control of the system) | View or Download | UNDERCODE | 2024-11-26 |
| WordPress | WPGYM <= 67.1.0 | Unauthenticated Arbitrary File Upload | Critical | View or Download | UNDERCODE | 2024-11-26 |
| WordPress | WPGYM plugin up to 67.1.0 | Privilege Escalation | Moderate (CVSS score not yet available) | View or Download | UNDERCODE | 2024-11-26 |
| AMD EPYC Processors (see below for affected models) | Firmware versions up to (excluding) milanpi_1.0.0.d or genoapi_1.0.0.c (depending on the model) | Details not specified in the excerpt, but likely exploitable by attackers. | Critical (highest severity level) | View or Download | UNDERCODE | 2024-11-26 |
| Dell PowerProtect DD | Prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50 | Access Control | Critical | View or Download | UNDERCODE | 2024-11-26 |
| IrfanView | All versions (to be confirmed) | Out-of-Bounds Read Remote Code Execution (RCE) in SID file parsing | Critical | View or Download | UNDERCODE | 2024-11-26 |
| IBM Watson Query on Cloud Pak for Data, IBM Db2 Big SQL on Cloud Pak for Data | 1.8, 2.0, 2.1, 2.2 (Watson Query), 7.3, 7.4, 7.5, 7.6 (Db2 Big SQL) | Insufficient session expiration | Critical | View or Download | UNDERCODE | 2024-11-26 |
| PHP | 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14 | HTTP Request Smuggling (CVE-2024-11234) | Critical | View or Download | UNDERCODE | 2024-11-26 |
| Pandora FMS | 700 through <= 777.4 | Command Injection (LDAP Authentication) | MEDIUM | View or Download | UNDERCODE | 2024-11-26 |
| WordPress | My Contador lesr plugin <= 2.0 | Unauthenticated Stored Cross-Site Scripting (XSS) | Medium (CVSS: 3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) | View or Download | UNDERCODE | 2024-11-26 |
| WordPress | Dino Game - Embed Google Chrome Dinosaur Game plugin versions up to 1.1.0 | Stored Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-26 |
| WordPress | Pure CSS Circle Progress Bar plugin <= 1.2 | Stored Cross-Site Scripting (XSS) | Critical (Unauthenticated attackers can inject malicious scripts) | View or Download | UNDERCODE | 2024-11-26 |
| WordPress | Up to and including 1.1.6 | Reflected Cross-Site Scripting (XSS) | Medium (CVSS: 6.1) | View or Download | UNDERCODE | 2024-11-26 |
| WordPress | Theater for WordPress <= 0.18.6.2 | Reflected Cross-Site Scripting (XSS) | Medium | View or Download | UNDERCODE | 2024-11-26 |
| Android | (Not specified) | Local Privilege Escalation through Screen Capture | Critical | View or Download | UNDERCODE | 2024-11-26 |
| Zoho ManageEngine Exchange Reporter Plus | 5714 and below | Authenticated SQL injection | Critical | View or Download | UNDERCODE | 2024-11-26 |
| Jewel Theme Master Addons for Elementor | All versions up to 2.0.5.4.1 (uncertain about earlier versions) | Missing Authorization | Critical | View or Download | UNDERCODE | 2024-11-26 |
| HarmonyOS (based on source) | Not specified | Missing permission check in applyCustomDescription of SaveUi.java | High (Local Information Disclosure) | View or Download | UNDERCODE | 2024-11-26 |
| KiviCare | Up to 3.6.2 | Authorization Bypass Through User-Controlled Key | Critical | View or Download | UNDERCODE | 2024-11-26 |
| Keycloak Connector Server | < 2.5.5 | Reflected XSS | Moderate | View or Download | UNDERCODE | 2024-11-26 |
| sigstore-java | v1.0.0 (patched in v1.1.0) | Incomplete verification in KeylessVerifier.verify() | Critical | View or Download | UNDERCODE | 2024-11-26 |
| Android | Not specified (All versions potentially affected) | Confused Deputy in PrintManagerService.java | Medium | View or Download | UNDERCODE | 2024-11-26 |
| Qualcomm Snapdragon Firmware | All | CWE-835 (Loop or Recursion Vulnerability) | | View or Download | UNDERCODE | 2024-11-26 |
| Qualcomm Multi-mode Call Processor | Not Applicable (Affects All Versions) | Denial-of-Service (DoS) | Medium | View or Download | UNDERCODE | 2024-11-26 |
| | | Unknown (reference to CWE-787 suggests Out-of-bounds Write) | Unknown (severity cannot be determined from this blog post) | View or Download | UNDERCODE | 2024-11-26 |
| UkrSolution Barcode Scanner with Inventory & Order Manager | | | Critical | View or Download | UNDERCODE | 2024-11-26 |
| Lobe Chat | Before 1.19.13 | Unauthorized SSRF | Critical (CVSS: 9.0) | View or Download | UNDERCODE | 2024-11-26 |
| Android | Not specified (all versions potentially affected) | Out-of-bounds write due to missing bounds check | Critical (allows remote code execution) | View or Download | UNDERCODE | 2024-11-26 |
| IrfanView | All versions (unaffected versions not specified) | DXF file parsing out-of-bounds read leading to RCE | Critical | View or Download | UNDERCODE | 2024-11-26 |
| IrfanView | All versions (unaffected versions not yet identified) | Out-of-bounds read in DXF file parsing leading to RCE | Critical | View or Download | UNDERCODE | 2024-11-26 |
| IrfanView | All versions (unaffected version not specified yet) | Out-of-Bounds Read Remote Code Execution (DXF File Parsing) | Critical | View or Download | UNDERCODE | 2024-11-26 |
| Centreon | All versions before 22.04.24, 22.10.22, 23.04.18, 23.10.12, and 24.04.0 (not mentioned in the article) | SQL Injection in the updateServiceHost function | Critical (allows remote code execution) | View or Download | UNDERCODE | 2024-11-26 |
| Centreon Web | All versions before the fixes mentioned below | SQL Injection leading to Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-26 |
| Dell PowerProtect DD | Before 7.7.5.50 | Exposure of Sensitive Information to Unauthorized Actor | Low (CVSS: 3.1) | View or Download | UNDERCODE | 2024-11-26 |
| Dell PowerProtect Data Domain | Prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50 | Escalation of Privilege (EoP) | Critical (CVSS score details not provided) | View or Download | UNDERCODE | 2024-11-26 |
| Project Worlds Free Download Online Shopping System | All versions up to 192.168.1.88 (unclear if specific to this IP or a version range) | SQL injection | Critical (CVSS score: 5.3 MEDIUM) | View or Download | UNDERCODE | 2024-11-26 |
| ManageEngine ADAudit Plus | Below 8121 | SQL Injection (CVE-2024-5608) | Critical (CVSS score: 8.3) | View or Download | UNDERCODE | 2024-11-26 |
| emqx Neuron | Up to 2.10.0 | Buffer Overflow | Critical (CVSS v4.0: MEDIUM) | View or Download | UNDERCODE | 2024-11-26 |
| E-Health Care System | 1.0 | SQL Injection | Critical | View or Download | UNDERCODE | 2024-11-26 |
| GitLab CE/EE | 16.0 to 17.3.6, 17.4 to 17.4.3, 17.5 to 17.5.1 (Fixed in 17.3.7, 17.4.4, 17.5.2) | Unauthorized access to Kubernetes agent (CVE-2024-9693) | High (CVSS score: 8.5) | View or Download | UNDERCODE | 2024-11-26 |
| Python | 0.1.13 | Credential Harvesting | High | View or Download | UNDERCODE | 2024-11-25 |
| Linux Kernel | Not specified | Out-of-memory access in dvbdev | High (CVSS score not provided) | View or Download | UNDERCODE | 2024-11-25 |
| MLflow | Affected versions are not explicitly specified. | Excessive directory permissions | High | View or Download | UNDERCODE | 2024-11-25 |
| IrfanView | All versions | Heap-based buffer overflow in JPM file parsing | Critical | View or Download | UNDERCODE | 2024-11-25 |
| IrfanView | All versions | DJVU File Parsing Use-After-Free Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-25 |
| IrfanView | All | Heap-based Buffer Overflow Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-25 |
| | | PDF File Parsing Out-Of-Bounds Read Information Disclosure | LOW | View or Download | UNDERCODE | 2024-11-25 |
| IrfanView | All versions (unaffected versions not yet disclosed) | Out-of-Bounds Read Remote Code Execution (RCE) | Critical | View or Download | UNDERCODE | 2024-11-25 |
| IrfanView | All versions | Out-of-Bounds Write in JPM File Parsing | Critical | View or Download | UNDERCODE | 2024-11-25 |
| IrfanView | All versions | DXF file parsing memory corruption leading to remote code execution | Critical | View or Download | UNDERCODE | 2024-11-25 |
| IrfanView | All versions | Out-of-bounds read during DWG file parsing leading to Remote Code Execution (RCE) | Critical (CVSS score: 7.8) | View or Download | UNDERCODE | 2024-11-25 |
| IrfanView | All versions (not specified) | Out-of-bounds write during ARW file parsing | Critical (CVSS score: 7.8) | View or Download | UNDERCODE | 2024-11-25 |
| IrfanView | All versions (unaffected versions not specified) | Out-of-bounds write during JPM file parsing (CVE-2024-11517) | Critical (RCE) | View or Download | UNDERCODE | 2024-11-25 |
| IrfanView | All versions (unaffected versions not specified yet) | DWG File Parsing Memory Corruption RCE | Critical | View or Download | UNDERCODE | 2024-11-25 |
| IrfanView | All versions (unaffected versions not yet identified) | DXF File Parsing Use-After-Free Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-25 |
| WordPress | ImagePress – Image Gallery plugin versions up to 1.2.2 (inclusive) | Cross-Site Request Forgery (CSRF) | Medium (CVSS v3 score not provided) | View or Download | UNDERCODE | 2024-11-25 |
| IrfanView | All versions | DXF File Parsing Memory Corruption Remote Code Execution | Critical (CVSS: 7.8) | View or Download | UNDERCODE | 2024-11-25 |
| Keycloak | 26 and earlier | Denial-of-Service (DoS) | Critical | View or Download | UNDERCODE | 2024-11-25 |
| Keycloak | | Denial-of-Service (DoS) | Moderate | View or Download | UNDERCODE | 2024-11-25 |
| deno_doc | All versions before a fix is released | Cross-site Scripting (XSS) | Low | View or Download | UNDERCODE | 2024-11-25 |
| Keycloak | | Sensitive data exposure | High | View or Download | UNDERCODE | 2024-11-25 |
| Dell SmartFabric OS10 Software | 10.5.3.x, 10.5.4.x, 10.5.5.x, 10.5.6.x | Improper Neutralization of Special Elements (Command Injection) | HIGH | View or Download | UNDERCODE | 2024-11-25 |
| Keycloak | | Sensitive data exposure during build process | Moderate | View or Download | UNDERCODE | 2024-11-25 |
| Keycloak | | Path Traversal | Low | View or Download | UNDERCODE | 2024-11-25 |
| Keycloak | | Inefficient Regular Expression Complexity | | View or Download | UNDERCODE | 2024-11-25 |
Xiaomi Router AX9000Not specifiedPost-authorization Command InjectionMEDIUM (CVSS 3.1 base score: 6.4)View or DownloadUNDERCODE2024-11-25
IrfanViewAll versions (unspecified)Out-of-Bounds Write during SID File Parsing (Remote Code Execution)CriticalView or DownloadUNDERCODE2024-11-25
1000 Projects Beauty Parlour Management System1.0SQL InjectionCriticalView or DownloadUNDERCODE2024-11-25
Tungsten Automation Power PDFNot specifiedJPF File Parsing Out-Of-Bounds Write Remote Code ExecutionCriticalView or DownloadUNDERCODE2024-11-25
IrfanViewAll versions (unaffected versions not specified)WSQ File Parsing Out-Of-Bounds Write Remote Code ExecutionCriticalView or DownloadUNDERCODE2024-11-25
Tungsten Automation Power PDFNot specifiedPSD File Parsing Out-Of-Bounds Write Remote Code ExecutionCritical (CVSS score not provided, but the description indicates remote attackers can execute arbitrary code)View or DownloadUNDERCODE2024-11-25
Tungsten Automation Power PDFNot specifiedStack-based buffer overflow in TIF file parsingCriticalView or DownloadUNDERCODE2024-11-25
WordPressHUSKY - Products Filter Professional for WooCommerce plugin versions up to 1.3.6.3Reflected Cross-Site Scripting (XSS)MediumView or DownloadUNDERCODE2024-11-25
W3speedsterUp to 7.25Cross-Site Request Forgery (CSRF)CriticalView or DownloadUNDERCODE2024-11-25
Vivwebs Dynamic WidgetsUp to 1.6.4Cross-Site Request Forgery (CSRF)Medium (based on CVSS v3.1 score)View or DownloadUNDERCODE2024-11-25
XSS in error messagesLow (user-controlled input needed in error message)View or DownloadUNDERCODE2024-11-25

Taurus Multi-Party Signature Library

Not specified

Critical (both vulnerabilities)

View or DownloadUNDERCODE2024-11-25
Linux KernelNot specified (all versions potentially affected)Race condition in i40e driverModerate (CVSS score not provided)View or DownloadUNDERCODE2024-11-25
lxml (HTML cleaning functionality)Before 0.4.0Improper context handling for special HTML tags (SVG, Math, Noscript)Critical (CVSS score likely high)View or DownloadUNDERCODE2024-11-25
AndroidNot specifiedImproper Input Validation in CompanionDeviceManagerService.java (CVE-2024-0022)HighView or DownloadUNDERCODE2024-11-25
Linux KernelNot specifiedImproper reference count handling for CPU device nodes (RISC-V)Medium (CVSS v3 base score: 5.5)View or DownloadUNDERCODE2024-11-25
Linux KernelNot specified (likely impacts multiple versions)Improper resource handling in iwlwifi driver during AP stop/startMedium (CVSS 3.x Base Score: 5.5)View or DownloadUNDERCODE2024-11-25
Linux KernelNot specified (requires kernel update)Incorrect NULL vs IS_ERR() check in drm/tegra driverLow (CVSS v3 Base Score: 5.5)View or DownloadUNDERCODE2024-11-25
Linux KernelUnaffected versions not listed (potentially all before the fix)Out-of-bounds memory access in virtio_net driverHIGH (CVSS 3.1 base score: 7.1)View or DownloadUNDERCODE2024-11-25
emqx neuronUp to 2.10.0Information Disclosure (CVE-2024-10965)MEDIUMView or DownloadUNDERCODE2024-11-23
AMTT Hotel Broadband Operation SystemUp to 3.0.3.151204Cross-site scripting (XSS)Medium (CVSS score: 5.3)View or DownloadUNDERCODE2024-11-23
code-projects Task Manager1.0SQL InjectionCriticalView or DownloadUNDERCODE2024-11-23
Job Recruitment1.0Cross-site Scripting (XSS)MEDIUMView or DownloadUNDERCODE2024-11-23
WordPress Plugin - CTT Expresso para WooCommerceUp to 3.2.12 (inclusive)Sensitive Information ExposureMediumView or DownloadUNDERCODE2024-11-23
Code4Berry Decoration Management System1.0Improper Access ControlCriticalView or DownloadUNDERCODE2024-11-23
Dropbox DesktopAllMark-of-the-Web BypassCriticalView or DownloadUNDERCODE2024-11-23
WordPressFundEngine plugin versions up to and including 1.7.0Privilege EscalationCriticalView or DownloadUNDERCODE2024-11-23
Code4Berry Decoration Management System1.0Permission Issues (User Handler - /decoration/admin/userregister.php)CriticalView or DownloadUNDERCODE2024-11-23
Linux KernelNot specified (potentially all versions before the fix)mctp i2c NULL header address handlingMedium (CVSS score not provided)View or DownloadUNDERCODE2024-11-22
All versions before the fixMemory LeakMedium (CVSS score to be determined)View or DownloadUNDERCODE2024-11-22
Linux KernelNot specifiedNull pointer dereference in firmware:qcom:scmMedium (CVSS score not provided)View or DownloadUNDERCODE2024-11-22
MBed OS6.16.0Buffer Overflow (CVE-2024-48982)CriticalView or DownloadUNDERCODE2024-11-22
Code4Berry Decoration Management System1.0User Permission Handling Vulnerability (CVE-2024-11486)MediumView or DownloadUNDERCODE2024-11-22
Mbed OS6.16.0Buffer Overflow (CVE-2024-48986)CriticalView or DownloadUNDERCODE2024-11-22
Tailoring Management System1.0 (Unaffected versions not specified)SQL Injection through /expcatedit.php argument manipulation (id)Medium (CVSS v4.0 Base Score: 5.3)View or DownloadUNDERCODE2024-11-22
Code4Berry Decoration Management System1.0SQL Injection (CVE-2024-11487)CriticalView or DownloadUNDERCODE2024-11-22
1000 Projects Bookstore Management System1.0SQL InjectionCriticalView or DownloadUNDERCODE2024-11-22
AVL-DiTEST-DiagDev libdoip1.0.0Null Pointer Dereference in DoIPConnection::reactOnReceivedTcpMessageMediumView or DownloadUNDERCODE2024-11-22
idcCMS1.60Cross-Site Scripting (XSS)MediumView or DownloadUNDERCODE2024-11-22
Linux KernelNot specified (all versions with vulnerable bnxt_re driver)Out-of-bounds memory accessModerate (CVSS v3 base score: 5.5)View or DownloadUNDERCODE2024-11-22
smol-toml<1.3.1Stack OverflowLowView or DownloadUNDERCODE2023-11-13
TornadoPrior to 6.4.2HTTP Cookie Parsing DoSHighView or DownloadUNDERCODE2024-11-22
SentryAll versions before next releasePotential Client ID and Secret exposure in error messageLowView or DownloadUNDERCODE2024-11-22
UAMQP C libraryUnaffected versions not specifiedRemote Code Execution (RCE)Critical (CVSS score likely high)View or DownloadUNDERCODE2024-11-22
WordPressUp to and including 1.7.2Stored Cross-Site Scripting (XSS)MediumView or DownloadUNDERCODE2024-11-22
java_shop1.0File Upload VulnerabilityNot yet rated by NISTView or DownloadUNDERCODE2024-11-22
AndroidNot specified (all versions before August 2024 patch)Logic error in OwnersData.javaHighView or DownloadUNDERCODE2024-11-22
LibreNMSNot specifiedReflected XSS (CVE-2024-51496)MediumView or DownloadUNDERCODE2024-11-22
ManageEngine ADAudit PlusBelow 8110Authenticated SQL Injection (CVE-2024-36518)HighView or DownloadUNDERCODE2024-11-22
Zyxel P-6101C ADSL modemP-6101CSA6AP_20140331Improper AuthenticationHIGHView or DownloadUNDERCODE2024-11-22
LibreNMSAll versions before 24.10.0Reflected XSSCriticalView or DownloadUNDERCODE2024-11-22
WordPressBreakdance versions up to 1.7.2 (inclusive)Unauthorized Access of DataMediumView or DownloadUNDERCODE2024-11-22
java_shop1.0Incorrect Access ControlCritical (CVSS details not yet available)View or DownloadUNDERCODE2024-11-22
SourceCodester Student Record Management System1.0Memory CorruptionCriticalView or DownloadUNDERCODE2024-11-22
Querydsl5.1.0SQL/HQL InjectionHighView or DownloadUNDERCODE2024-11-22
Not specified (versions 3.2.0 through 4.1.3 are vulnerable)Server-Side Request Forgery (SSRF)High (CVSS score: 7.5)View or DownloadUNDERCODE2024-11-22
SFTPGoAll versionsArbitrary Command ExecutionCriticalView or DownloadUNDERCODE2023-10-24
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHigh (CVSS Score: 7.8)View or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHigh (CVSS Score: 7.8)View or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
Luxion KeyShotNot specifiedRemote Code Execution (RCE) through jt file parsingCritical (CVSS score: 7.8)View or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
Luxion KeyShotNot specifiedStack overflow due to improper validation in 3DS file parsingCritical (CVSS score: 7.8)View or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code Execution (RCE)High (CVSS Score: 7.8)View or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHigh (CVSS Score: 7.8)View or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHigh (CVSS Score: 7.8)View or DownloadUNDERCODE2024-11-22
Adobe InDesign(not specified)Information DisclosureLowView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-18
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHigh (CVSS Score: 7.8)View or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-22
Linux KernelNot specifiedDivision by zero error in v4l2-tpgMediumView or DownloadUNDERCODE2024-11-22
Linux KernelNot specified (all versions potentially affected)Slab-use-after-free in ksmbd_smb2_session_createHigh (CVSS score: 7.8)View or DownloadUNDERCODE2024-11-22
Linux kernelNot specifiedSlab-use-after-free in smb3_preauth_hash_rsp functionHIGH (CVSS v3 score not provided)View or DownloadUNDERCODE2024-11-22
Linux KernelNot specified (all versions vulnerable before a fix)SCTP Chunk Size Validation Error (CVE-2024-50299)Not officially rated by NIST (NVD) yetView or DownloadUNDERCODE2024-11-22
Linux KernelNot specifiedBuffer overflow in amdgpu_debugfs_gprwave_read() functionMedium (CVSS v2: 4.6, CVSS v3: 7.8)View or DownloadUNDERCODE2024-11-22
Linux KernelNot specified (all versions potentially affected)Uninitialized use of regulator_config in rtq2208 driverHigh (CVSS score not yet available from NVD)View or DownloadUNDERCODE2024-11-22
SourceCodester Student Record Management System1.0Stack-based buffer overflowCriticalView or DownloadUNDERCODE2024-11-22
AndroidNot specified (all versions before March 2024 security patch)Local Information Disclosure (exercise route data)HighView or DownloadUNDERCODE2024-11-22
AndroidNot specifiedIncorrect tag used during device policy serialization (CVE-2024-0047)High (Potential for DoS)View or DownloadUNDERCODE2024-11-22
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-21
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-21
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-21
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHigh (CVSS Score: 7.8)View or DownloadUNDERCODE2024-11-21
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-21
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-21
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-21
IrfanViewAffected versions prior to 4.70Remote Code Execution (RCE)High (CVSS Score: 7.8)View or DownloadUNDERCODE2024-11-21
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHigh (CVSS Score: 7.8)View or DownloadUNDERCODE2024-11-21
IrfanView4.69 and earlierRemote Code ExecutionHighView or DownloadUNDERCODE2024-11-21
IrfanViewAffected versions prior to 4.70Remote Code ExecutionHighView or DownloadUNDERCODE2024-11-21
Linux Kernel(Not specified in the provided information)Improper access control in raw_copy_{to,from}_user() functionsCritical (CVSS score not yet available)View or DownloadUNDERCODE2024-11-21
Linux KernelNot specified (all versions potentially affected)Use-after-free in USB serial io_edgeport codeMedium (CVSS v2 score: 4.6, CVSS v3 score: 7.8)View or DownloadUNDERCODE2024-11-21
Linux KernelAll versions before the fix for CVE-2024-50265 are vulnerable.Null pointer dereference in ocfs2_xa_remove() functionCriticalView or DownloadUNDERCODE2024-11-21
Linux Kernel(Not specified in the provided information)Flaw in sch_cake's flow accounting logicMediumView or DownloadUNDERCODE2024-11-21
Linux KernelUnaffected versions not specifiedUse-After-Free in vsock/virtio (CVE-2024-50264)Critical (CVSS v3 score details not provided)View or DownloadUNDERCODE2024-11-21
Linux KernelNot specified (all versions vulnerable before fix)Double free of TX skbCriticalView or DownloadUNDERCODE2024-11-21
Oracle Agile PLM Framework9.3.6Information DisclosureHIGH (CVSS Score: 7.5)View or DownloadUNDERCODE2024-11-21
Opencast13 and 14Infinite loop with Elasticsearch queriesCriticalView or DownloadUNDERCODE2024-11-20
LitestarAll versionsDenial of Service (DoS)CriticalView or DownloadUNDERCODE2024-11-20
Microsoft SharePoint ServerNot specifiedRemote Code Execution (RCE)Critical (CVSS score: 7.2)View or DownloadUNDERCODE2024-11-20
Linux KernelNot specified (potential impact on all versions)Information DisclosureLowView or DownloadUNDERCODE2024-11-20
Linux KernelNot specified (likely affects multiple versions)Firmware crash due to invalid peer nss value in association requestModerate (CVSS v3 score: 5.5)View or DownloadUNDERCODE2024-11-20
Qualcomm Multiple ProductsVariousMultiple VulnerabilitiesVariesView or DownloadUNDERCODE2024-11-20
Linux KernelNot specified (all versions potentially affected)io_uring overflow handling flawLowView or DownloadUNDERCODE2024-11-20
Linux KernelNot specifiedMemory access issue in drm/amd/display codeModerate (CVSS v3 score: 5.5)View or DownloadUNDERCODE2024-11-20
cert-managerAll versions since v0.1.0Denial-of-service (DoS)MediumView or DownloadUNDERCODE2024-11-20
7-ZipAffected versions prior to 24.07Remote Code ExecutionHigh (CVSS Score: 7.8)View or DownloadUNDERCODE2024-11-20
N/AN/AN/AN/AView or DownloadUNDERCODE2024-11-20
Undercoding (mentioned in the article but not a security vulnerability)N/A (Undercoding is not a security vulnerability)View or DownloadUNDERCODE2024-11-20
Linux KernelNot specified (all versions potentially affected)Race condition in ntfs3 driverModerate (CVSS v3 score: 5.5)View or DownloadUNDERCODE2024-11-20
Qualcomm devices(not specified)(not specified)(not specified)View or DownloadUNDERCODE2024-11-20
Qualcomm(see article for specific versions)Potential Remote CompromiseCriticalView or DownloadUNDERCODE2024-11-20
D-Link DI-803316.07.26A1Buffer Overflow (CVE-2024-52759)Critical (CVSS v3 score: 9.8)View or DownloadUNDERCODE2024-11-20
Monoprice Select Mini V2V37.115.32Improper input validation in printing filesMedium (CVSS 3.x Base Score: 5.5)View or DownloadUNDERCODE2024-11-20
WordPress Testimonials Widget PluginUp to and including 4.0.4Stored Cross-Site Scripting (XSS)Unlisted (CVSS score not provided)View or DownloadUNDERCODE2024-11-20
Tenda AC6v2.0 v15.03.06.50Buffer overflow in function "fromSetSysTime" (CVE-2024-52714)Critical (CVSS v3 score: 9.8)View or DownloadUNDERCODE2024-11-20
Linux KernelNot specifiedInteger overflow in drm/amd/display codeModerateView or DownloadUNDERCODE2024-11-20
Cosmos SDKcosmossdk.io/math versions <= math/v1.3.0Mismatched bit-length validation in sdk.Int and sdk.DecHighView or DownloadUNDERCODE2024-11-20
MoodleInsecure Direct Object Reference (IDOR)ModerateView or DownloadUNDERCODE2024-11-20
django CMSBefore 4.0Cross-site Scripting (XSS)ModerateView or DownloadUNDERCODE2024-11-20
Linux KernelNot specified (likely affects multiple versions)Improper synchronization when accessing superblock bufferModerate (CVSS v3 base score: 5.5)View or DownloadUNDERCODE2024-11-20
Linux KernelNot specified (potentially all versions with aforementioned configurations enabled)Out-of-bounds read (based on CVE description)Medium (according to CVE details, no exploit exists)View or DownloadUNDERCODE2024-11-20
N/AN/AN/AN/AView or DownloadUNDERCODE2024-11-20
Buffer overflow in `amdgpu_dm` initializationUnknown (CVSS score not yet available)View or DownloadUNDERCODE2024-11-20
Cisco Identity Services Engine (ISE)All versions (at the time of publishing)Cross-site Scripting (XSS)Medium (CVSS score: 6.1)View or DownloadUNDERCODE2024-11-20
Cisco Identity Services Engine (ISE)
All versions (at the time of publication)
Cross-site Scripting (XSS)
MEDIUM
View or DownloadUNDERCODE2024-11-20
Cisco Identity Services Engine (ISE)
All versions (at the time of publication)
Cross-site Scripting (XSS)
MEDIUM
View or DownloadUNDERCODE2024-11-20
Cisco ISEAll versions (at the time of publishing)XXE (CVE-2024-20531)MEDIUM (CVSS score: 5.5)View or DownloadUNDERCODE2024-11-20
Linux KernelAll versions before 6.11.7Null Pointer Dereference (CVE-2024-53050)MediumView or DownloadUNDERCODE2024-11-20
Cisco Identity Services Engine (ISE)All versions (at the time of publication)Cross-site Scripting (XSS)MEDIUMView or DownloadUNDERCODE2024-11-20
Linux kernelNot specifiedNull pointer dereference in `intel_hdcp_get_capability`Medium (CVSS score not yet available)View or DownloadUNDERCODE2024-11-20
Anton Hoelstad WP Quick Setup<= 2.0Unrestricted Upload of File with Dangerous TypeCriticalView or DownloadUNDERCODE2024-11-20
Mindstien Technologies My Geo Posts FreeAll versions up to 1.2 (inclusive)Deserialization of Untrusted DataCriticalView or DownloadUNDERCODE2024-11-20
WordPress Video Robot - The Ultimate Video ImporterAll versions up to 1.20.0SQL InjectionCriticalView or DownloadUNDERCODE2024-11-20
Lis Video GalleryUp to 0.2.1Deserialization of Untrusted DataCriticalView or DownloadUNDERCODE2024-11-20
Post SMTPAll versions up to 2.9.9SQL InjectionCriticalView or DownloadUNDERCODE2024-11-20
GLPIAll versions before 10.0.17Reflected XSSMediumView or DownloadUNDERCODE2024-11-20
GLPIAll versions before 10.0.17SQL InjectionHigh (CVSS score: 8.1)View or DownloadUNDERCODE2024-11-20
code-projects Job Recruitment1.0SQL InjectionCriticalView or DownloadUNDERCODE2024-11-20
Saso Nikolov Event Tickets with Ticket Scannern/a - 2.3.11Improper Neutralization of Special Elements Used in a Template EngineCriticalView or DownloadUNDERCODE2024-11-20
3.1Heap-Overflow Vulnerability in DCERPC ProtocolCRITICALView or DownloadUNDERCODE2024-11-20
LibreNMSAll versions before 24.10.0Stored Cross-Site Scripting (XSS)CriticalView or DownloadUNDERCODE2024-11-20
LibreNMSAll versions before 24.10.0Cross-Site Scripting (XSS)CriticalView or DownloadUNDERCODE2024-11-20
MoodleAll versions before 4.5.0-rc2 (unconfirmed)Improper AuthorizationMedium (CVSS v2 score: 5.0, CVSS v3 score: 6.5)View or DownloadUNDERCODE2024-11-20
LibreNMSAll versions before 24.10.0Stored XSSMediumView or DownloadUNDERCODE2024-11-20
LibreNMSUnaffected versions not listed (all versions before 24.10.0 likely vulnerable)Stored Cross-Site Scripting (XSS)CriticalView or DownloadUNDERCODE2024-11-20
MoodleVersions before 4.5.0-rc2 are affected (unclear which specific versions)Improper AuthorizationMedium (CVSS v2 score: 6.4, CVSS v3 score: 4.3)View or DownloadUNDERCODE2024-11-20
LibreNMSAll versions before 24.10.0Stored XSSCriticalView or DownloadUNDERCODE2024-11-20
Urchenko Drozd – Addons for ElementorUp to 1.1.1Stored XSS (Cross-site Scripting) (CVE-2024-52425)Medium (CVSS details not specified)View or DownloadUNDERCODE2024-11-20
MoodleAll versions before 4.1.14, 4.2.11, 4.3.8, 4.4.4 (not exhaustive)Information DisclosureMediumView or DownloadUNDERCODE2024-11-20
WordPressLinear plugin <= 2.7.11Cross-site Scripting (XSS)Medium (CVSS details not specified)View or DownloadUNDERCODE2024-11-20
LibreNMSAll versions before 24.10.0Stored Cross-Site Scripting (XSS)CriticalView or DownloadUNDERCODE2024-11-20
LibreNMSUnaffected versions not listed (all versions before 24.10.0 likely vulnerable)Stored XSSCriticalView or DownloadUNDERCODE2024-11-20
LibreNMSAll versions before 24.10.0Stored Cross-Site Scripting (XSS)CriticalView or DownloadUNDERCODE2024-11-20
SourceCodester Online Eyewear Shop1.0Cross-Site Scripting (XSS)MediumView or DownloadUNDERCODE2024-11-20
WindowsSecureID Software Token for Microsoft WindowsRemote Code ExecutionHighView or DownloadUNDERCODE2024-11-19
eDrawings ViewerAll versions from SOLIDWORKS 2024 through 2025 (unspecified)Heap-based buffer overflow and uninitialized variable vulnerabilities in X_B and SAT file parsingCritical (CVSS: 7.8)View or DownloadUNDERCODE2024-11-19
1000 Projects Beauty Parlour Management System1.0SQL InjectionCriticalView or DownloadUNDERCODE2024-11-19
WordPressWP Activity Log plugin versions up to 5.2.1Stored Cross-Site Scripting (XSS)CriticalView or DownloadUNDERCODE2024-11-19
GLPIAll versions before 10.0.17 (vulnerable)Access Control Bypass (CVE-2024-45611)MediumView or DownloadUNDERCODE2024-11-19
WordPressTripetto plugin versions up to 8.0.3Stored Cross-Site Scripting (XSS)CriticalView or DownloadUNDERCODE2024-11-19
1000 Projects Beauty Parlour Management System1.0SQL InjectionCriticalView or DownloadUNDERCODE2024-11-19
1000 Projects Portfolio Management System MCA1.0SQL injectionCriticalView or DownloadUNDERCODE2024-11-19
Farmacia1.0 (all versions likely affected)Cross-Site Scripting (XSS)MediumView or DownloadUNDERCODE2024-11-19
Adobe Audition23.6.9, 24.4.6 and earlierOut-of-bounds read vulnerabilityMedium (CVSS: 5.5)View or DownloadUNDERCODE2024-11-19
Microsoft VHDX(Not specified)Denial-of-Service (DoS)Medium (CVSS score: 5.9)View or DownloadUNDERCODE2024-11-19
GLPIAll versions before 10.0.17Reflected XSS (CVE-2024-45609)Medium (CVSS v3.1 score: 6.5) - Though some sources list it as High (CVSS v2 score: 7.8)View or DownloadUNDERCODE2024-11-19
WordPressUp to and including 2.5.7Stored Cross-Site Scripting (XSS)MediumView or DownloadUNDERCODE2024-11-19
WindowsNot specifiedElevation of Privilege in USB Video Class System DriverMEDIUM (CVSS score: 6.8)View or DownloadUNDERCODE2024-11-19
Windows SMBv3 Server(not specified in this article)Remote Code Execution (RCE)High (CVSS score: 8.1)View or DownloadUNDERCODE2024-11-19
GLPIAll versions before 10.0.17Reflected Cross-Site Scripting (XSS)Pending analysis by NISTView or DownloadUNDERCODE2024-11-19
WordPress Plugin (The Music Player for Elementor)All versions up to 2.4.1Unauthorized modification of data (CVE-2024-10582)CriticalView or DownloadUNDERCODE2024-11-19
Remote Code ExecutionHigh (CVSS score: 8.8)View or DownloadUNDERCODE2024-11-19
Ceph RGW (civetweb)Not specifiedMultiple connection establishment to exhaust file descriptorsDenial-of-Service (DoS)View or DownloadUNDERCODE2024-11-19
Intel Server Board M10JNP2SB Family (exact versions not specified)Not specifiedImproper input validation in UEFI firmwareHigh (CVSS score: 7.5 - 8.7 depending on the version of CVSS used)View or DownloadUNDERCODE2024-11-19
Windows Registry Elevation of Privilege VulnerabilityHIGH (CVSS score: 7.5)View or DownloadUNDERCODE2024-11-19
ImageMagick, GraphicsMagickBefore 1.3.24 (both platforms)Arbitrary Code ExecutionNot specified (CVSS score likely available elsewhere)View or DownloadUNDERCODE2024-11-19
ImageMagickNot specified (versions before the fix are vulnerable)Out-of-bounds write via PDB fileMedium (CVSS v3 score: 6.5)View or DownloadUNDERCODE2024-11-19
LittleCMS (lcms or liblcms)Before 1.18beta2Multiple integer overflowsHigh (CVSS v2 score: 9.3)View or DownloadUNDERCODE2024-11-19
.NET Core9.0Denial of Service (DoS)High (CVSS v3 base score: 7.5)View or DownloadUNDERCODE2024-11-19
tsMuxernightly-2024-05-12-02-01-18 (specific version only)Heap-based buffer under-readNot specified (CVSS score not provided)View or DownloadUNDERCODE2024-11-19
Improper Access Control in UEFI firmwareNot yet analyzed by NVDView or DownloadUNDERCODE2024-11-19
GentleSource AppointmindAll versions before 4.0.0Cross-Site Request Forgery (CSRF) leading to Stored XSSHigh (based on CVE details)View or DownloadUNDERCODE2024-11-19
rclonev1.68.1Insecure Handling of SymlinksHighView or DownloadUNDERCODE2024-11-19
Siemens Tecnomatix Plant SimulationAll versions before V2302.0018 and V2404.0007Out-of-bounds read vulnerability in WRL file parsingHigh (CVSS v3.1 score: 7.8)View or DownloadUNDERCODE2024-11-19
Siemens Tecnomatix Plant Simulation(not specified)Remote Code Execution (RCE) through WRL file parsingHigh (CVSS v3 score: 7.8)View or DownloadUNDERCODE2024-11-19
Siemens Tecnomatix Plant SimulationNot specifiedRemote Code Execution (RCE) through WRL file parsingView or DownloadUNDERCODE2024-11-19
Cesanta Mongoose Web Server7.14Use of Out-of-range Pointer OffsetMediumView or DownloadUNDERCODE2024-11-19
Cesanta Mongoose Web Server7.14Improper Neutralization of DelimitersMedium (CVSS 3.1 score: 4.0)View or DownloadUNDERCODE2024-11-19
Cesanta Mongoose Web Serverv7.14Out-of-range Pointer OffsetMediumView or DownloadUNDERCODE2024-11-19
Cesanta Mongoose Web Server7.14Use of Out-of-range Pointer OffsetMediumView or DownloadUNDERCODE2024-11-19
Cesanta Mongoose Web Server7.14Use of Out-of-range Pointer OffsetHigh (CVSS Score: 8.5)View or DownloadUNDERCODE2024-11-19
EyouCMS1.51Path TraversalMediumView or DownloadUNDERCODE2024-11-19
Cesanta Mongoose Web Server7.14Integer Overflow or WraparoundHigh (CVSS v2 score: 7.8, CVSS v3 score: 7.5)View or DownloadUNDERCODE2024-11-19
Craft CMSPrior to 4.12.2 and 5.4.3Remote Code Execution (RCE) via Twig Server-Side Template Injection (SSTI)HighView or DownloadUNDERCODE2024-11-19
Cesanta Mongoose Web Server7.14Improper Neutralization of DelimitersMediumView or DownloadUNDERCODE2024-11-19
Cesanta Mongoose Web Server7.14Use of Out-of-range Pointer OffsetMedium (CVSS score: 4.3)View or DownloadUNDERCODE2024-11-19
Craft CMSAll versions before 5.4.9 and 4.12.8Information DisclosureHighView or DownloadUNDERCODE2024-11-19
Apache Kafka2.3.0 - 3.5.2, 3.6.2, 3.7.0Improper Privilege ManagementHighView or DownloadUNDERCODE2023-10-17
Linux kernelNot specified (likely affects multiple versions)Unbalanced locking in pc_clock_settime()Moderate (CVSS v3: 5.5, CVSS v4: 6.8)View or DownloadUNDERCODE2024-11-19
ImageMagickNot specifiedDenial-of-Service (DoS) via crafted PSD fileMedium (CVSS score: 6.5)View or DownloadUNDERCODE2024-11-19
Security Center application (vendor not specified)All versions (not specified)HTML InjectionMedium (CVSS 3.x Base Score: 5.9)View or DownloadUNDERCODE2024-11-19
Linux KernelNot specifiedNamespace copy issue (rbtree removal)Not provided (CVSS details likely missing from provided text)View or DownloadUNDERCODE2024-11-19
Linux KernelNot specifiedMemory Corruption in RDMA/bnxt_re driverNot specified (CVSS score not provided)View or DownloadUNDERCODE2024-11-19
Linux kernelNot specifiedImproper locking during sub buffer order change (CVE-2024-50207)Medium (CVSS score not explicitly mentioned)View or DownloadUNDERCODE2024-11-19
WordPressRoyal Elementor Addons and Templates plugin versions up to 1.7.1001Stored Cross-Site Scripting (XSS)Medium (CVSS 3.1 Base Score: 6.4)View or DownloadUNDERCODE2024-11-19
OpenEMR7.0.1Stored XSSHigh (CVSS score not yet available)View or DownloadUNDERCODE2024-11-19
VK All in One Expansion UnitPrior to 9.100.1.0Cross-site scripting (XSS)Medium (CVSS v3 score: 4.8)View or DownloadUNDERCODE2024-11-19
Linux KernelNot specified (potentially all versions using nilfs2)Improper Error Handling in nilfs2Not yet assigned a CVSS score (as of November 19, 2024)View or DownloadUNDERCODE2024-11-19
WordPressAFI plugin up to and including 1.92.0Reflected Cross-Site Scripting (XSS)Medium (CVSS not yet analyzed)View or DownloadUNDERCODE2024-11-19
WordPressRoyal Elementor Addons and Templates plugin versions up to 1.7.1001Stored Cross-Site Scripting (XSS)MediumView or DownloadUNDERCODE2024-11-19
calibre-webNot specifiedCross-site Scripting (XSS)MediumView or DownloadUNDERCODE2024-11-19
WordPressUp to 2.9.5Local File Inclusion (LFI)Critical (CVSS 3.x Base Score: 9.8)View or DownloadUNDERCODE2024-11-19
WordPressMultiManager WP – Manage All Your WordPress Sites Easily plugin (up to 1.0.5)Authentication BypassCriticalView or DownloadUNDERCODE2024-11-19
WordPressRoyal Elementor Addons and Templates plugin versions up to 1.7.1001Stored Cross-Site Scripting (XSS)MediumView or DownloadUNDERCODE2024-11-19
Thunderbird< 128.4.3 and < 132.0.1Disclosure of plaintext in OpenPGP encrypted messagesNot specified (CVSS score likely available elsewhere)View or DownloadUNDERCODE2024-11-19
DolibarrVersions before 'develop' branchImproper AuthorizationMediumView or DownloadUNDERCODE2024-11-19
HarborUnaffected versions not specified (all versions before 2.5.2 likely vulnerable)Improper AuthorizationNot available in provided resourcesView or DownloadUNDERCODE2024-11-19
calibre-webUnknownImproper Access ControlLowView or DownloadUNDERCODE2024-11-19
HarborNot specifiedImproper AuthorizationHigh (CVSS: 7.4)View or DownloadUNDERCODE2024-11-19
SourceCodester Best Employee Management System1.0SQL InjectionMediumView or DownloadUNDERCODE2024-11-19
Harbor1.0 through 1.10.12, 2.0 through 2.4.2 and 2.5 through 2.5.1 (all versions before the fix)Improper AuthorizationHighView or DownloadUNDERCODE2024-11-19
Harbor(Unaffected versions not specified)Insecure Direct Object Reference (IDOR) - CVE-2022-31667High (CVSS details not yet available)View or DownloadUNDERCODE2024-11-19
PHPGurukul User Registration & Login and User Management System3.2Reflected Cross-Site Scripting (XSS)Not officially rated, but likely medium based on similar vulnerabilities.View or DownloadUNDERCODE2024-11-19
HarborAll versions before 2.5.2Insecure Direct Object Reference (IDOR)HighView or DownloadUNDERCODE2024-11-19
SourceCodester Best Employee Management System1.0 (all versions likely affected)SQL InjectionMedium (CVSS v3: 5.1)View or DownloadUNDERCODE2024-11-19
VIWIS LMS9.11Missing Authorization in Print HandlerCriticalView or DownloadUNDERCODE2024-11-19
phpipamAll versions before 1.4.7Cross-Site Scripting (XSS)LowView or DownloadUNDERCODE2024-11-19
WordPress (Hoo Addons for Elementor plugin)Up to 1.0.6Cross-Site Scripting (XSS)Not yet determined (CVSS information is undergoing analysis)View or DownloadUNDERCODE2024-11-18
Kashipara E-learning Management System Project1.0SQL InjectionCritical (CVSS v3 score: 9.8)View or DownloadUNDERCODE2024-11-18
WindowsMultiple versionsElevation of PrivilegeHighView or DownloadUNDERCODE2024-11-18
NTLM Hash Disclosure Spoofing Vulnerability (CVE-2024-43451)Medium (CVSS score: 6.5)View or DownloadUNDERCODE2024-11-18
Palo Alto Networks ExpeditionNot specifiedSQL Injection (CVE-2024-9465)Critical (CVSS score: 9.2)View or DownloadUNDERCODE2024-11-18
Nostromo nhttpd<= 1.9.6Directory TraversalCritical (Remote Code Execution)View or DownloadUNDERCODE2024-11-18
PTZOptics PT30X-SDI/NDI-xxBefore 6.3.40Insufficient Authentication (CVE-2024-8956)Critical (CVSS Score: 9.1)View or DownloadUNDERCODE2024-11-18
Palo Alto Networks ExpeditionAll versions before 1.2.96 (including 1.2.0)OS Command InjectionCRITICAL (CVSS score: 9.9)View or DownloadUNDERCODE2024-11-18
Roundcube WebmailBefore 1.5.7 and 1.6.x before 1.6.7XSS via SVG animate attributesMedium (CVSS score: 6.1)View or DownloadUNDERCODE2024-11-18
PTZOptics PT30X-SDI/NDI-xxBefore 6.3.40OS Command Injection (CVE-2024-8957)HIGH (CVSS: 7.2)View or DownloadUNDERCODE2024-11-18
View or DownloadUNDERCODE2024-11-18
9.0.0.M30Deserialization of untrusted data vulnerabilityCRITICALView or DownloadUNDERCODE2024-11-18
Metabase< 0.40.5 and < 1.40.5Local File Inclusion (LFI)CRITICALView or DownloadUNDERCODE2023-11-28
Windows KernelAllElevation of PrivilegeHIGHView or DownloadUNDERCODE2024-11-18
Palo Alto Networks ExpeditionAll versions before 1.2.92Missing AuthenticationCRITICAL (CVSS Score: 9.3)View or DownloadUNDERCODE2024-11-18
ScienceLogic SL1 (formerly EM7)All versions before 12.1.3, 12.2.3, and 12.3+Remote Code Execution (RCE) due to unspecified third-party component vulnerability (CVE-2024-9537)CRITICAL (CVSS v2: 9.8, CVSS v3: 9.3)View or DownloadUNDERCODE2024-11-18
RavpnMultiple versions affectedRemote Access VPN (RAVPN) Service Denial of Service (DoS) VulnerabilityMEDIUMView or DownloadUNDERCODE2024-11-18
JiraCriticalView or DownloadUNDERCODE2024-11-18
Spring MVCVulnerable versionsDoSModerateView or DownloadUNDERCODE2024-11-19
Apache Tomcat11.0.0-M23 through 11.0.0-M26, 10.1.27 through 10.1.30, 9.0.92 through 9.0.95Request and/or response mix-upModerateView or DownloadUNDERCODE2024-11-19
Rust crate `sharks`Affected versionsShamir Secret Sharing biasMediumView or DownloadUNDERCODE2024-11-19
django CMS3.11.7, 3.11.8, 4.1.2, 4.1.3Cross-Site Scripting (XSS)CriticalView or DownloadUNDERCODE2024-11-19
aiohttp(Affected versions)Memory LeakModerateView or DownloadUNDERCODE2024-11-19
PhpSpreadsheetAll versions before 1.9.4, 2.1.3, 2.3.2, and 3.4.0XXE (XML External Entity)HighView or DownloadUNDERCODE2024-11-19
MoodleIDOR (Insecure Direct Object Reference)ModerateView or DownloadUNDERCODE2024-11-19
Debezium database connector[Specific version affected]Script injectionModerateView or DownloadUNDERCODE2024-11-19
< v2.10.2Multiple Command Injection VulnerabilitiesMediumView or DownloadUNDERCODE2024-11-19
MoodleIDORModerateView or DownloadUNDERCODE2024-11-19
Cobbler3.0.0 - 3.2.2 / 3.3.6 (all prior to 3.2.3 and 3.3.7)Improper AuthenticationCriticalView or DownloadUNDERCODE2024-11-19
MoodleUnauthorized deletion of report audiencesModerateView or DownloadUNDERCODE2024-11-19
UndertowIncorrect Cookie ParsingHighView or DownloadUNDERCODE2024-11-19
Graylog6.1.0, 6.1.1Concurrent PDF report rendering information leakageHighView or DownloadUNDERCODE2024-11-19
PhpSpreadsheet= 2.0.0 = 2.2.0 = 3.3.0 < 3.4.0XXE (XML External Entity)HighView or DownloadUNDERCODE2024-11-19
LibreNMS(Unaffected versions to be filled by official source)Stored XSSCriticalView or DownloadUNDERCODE2024-11-19
aiohttpVulnerable versionsRequest SmugglingModerateView or DownloadUNDERCODE2024-11-19
Regular Expression Denial of Service (ReDoS)LowView or DownloadUNDERCODE2024-11-19
OpenStack[Specific Version Affected]Improper Deletion of Access RulesModerateView or DownloadUNDERCODE2024-11-19
Elevation of Privilege in Secure Kernel ModeMedium (CVSS v3.1 base score: 6.7)View or DownloadUNDERCODE2024-11-19
Elevation of PrivilegeMedium (CVSS score: 6.8)View or DownloadUNDERCODE2024-11-19
Elevation of Privilege in DWM Core LibraryHIGH (CVSS 3.1 base score: 7.8)View or DownloadUNDERCODE2024-11-19
WindowsNot specified (all Windows versions with Kerberos are likely vulnerable)Remote Code Execution (RCE)Critical (CVSS 3.x score: 9.8)View or DownloadUNDERCODE2024-11-19
Windows (affected versions not specified)Not specifiedElevation of Privilege in USB Video Class System DriverMedium (CVSS v3 score: 6.8)View or DownloadUNDERCODE2024-11-19
Windows(not specified)Windows Registry Elevation of PrivilegeHIGH (CVSS v3 score: 7.8)View or DownloadUNDERCODE2024-11-19
TorchGeo (exact platform unspecified)UnknownRemote Code Execution (RCE)HIGH (CVSS score: 8.1)View or DownloadUNDERCODE2024-11-19
Client-Side Caching Elevation of PrivilegeHIGH (CVSS v3 score: 7.8)View or DownloadUNDERCODE2024-11-19
Win32k Elevation of Privilege VulnerabilityHIGH (CVSS v3.1 base score: 7.8)View or DownloadUNDERCODE2024-11-19
Windows KernelNot specifiedElevation of PrivilegeHIGH (CVSS v3 score: 7.8)View or DownloadUNDERCODE2024-11-19
Secure Kernel Mode Elevation of PrivilegeMedium (CVSS v3 score: 6.7)View or DownloadUNDERCODE2024-11-19
Microsoft PC Manager(not specified in available information)Elevation of PrivilegeHigh (CVSS 3.1: 7.8)View or DownloadUNDERCODE2024-11-19
Windows Telephony Service(Not specified)Remote Code Execution (RCE)High (CVSS 3.x Base Score: 8.8)View or DownloadUNDERCODE2024-11-19
Microsoft Hyper-V(not specified in available information)Denial of Service (DoS)Medium (CVSS 3.1 base score: 6.5)View or DownloadUNDERCODE2024-11-19
Moodle< 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4IDOR (Insecure Direct Object Reference)ModerateView or DownloadUNDERCODE2024-11-19
Moodle< 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4IDOR (Insecure Direct Object Reference)ModerateView or DownloadUNDERCODE2024-11-19
Moodle< 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4IDOR (Insecure Direct Object Reference)ModerateView or DownloadUNDERCODE2024-11-19
Moodle< 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4IDOR (Insecure Direct Object Reference)ModerateView or DownloadUNDERCODE2024-11-19
Moodle< 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4IDOR (Insecure Direct Object Reference)ModerateView or DownloadUNDERCODE2024-11-19
Moodle< 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4IDOR (Insecure Direct Object Reference)ModerateView or DownloadUNDERCODE2024-11-19
Moodle< 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4IDOR (Insecure Direct Object Reference)ModerateView or DownloadUNDERCODE2024-11-19
Moodle< 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4IDOR (Insecure Direct Object Reference)ModerateView or DownloadUNDERCODE2024-11-19
Moodle< 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4IDOR (Insecure Direct Object Reference)ModerateView or DownloadUNDERCODE2024-11-19
Moodle< 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4IDOR (Insecure Direct Object Reference)ModerateView or DownloadUNDERCODE2024-11-19
Apple Products (tvOS, visionOS, Safari, watchOS, iOS, iPadOS, macOS)Not applicable (fixed in specific versions)URL protocol handling issue allowing potential web content restriction bypassMedium (CVSS v2: 5.5, CVSS v3 details not provided)View or DownloadUNDERCODE2024-11-19
Hugging Face TransformersAffected versionsRemote Code ExecutionCritical (CVSS 8.8)View or DownloadUNDERCODE2024-11-19
AndroidNot specifiedOut-of-bounds write in PMRWritePMPageList function (pmr.c)High (Local Privilege Escalation)View or DownloadUNDERCODE2024-11-19
Gogs<= 0.12.7Remote Command ExecutionMediumView or DownloadUNDERCODE2024-11-19
usememos/memos0.9.1 (Vulnerable)Stored XSSCriticalView or DownloadUNDERCODE2024-11-19
Wallabag2.5.2CSRFNot specified in the provided informationView or DownloadUNDERCODE2024-11-19
