Platform | Affected Version(s) | Vulnerability | Severity | Full Post | Reporter | Date |
---|---|---|---|---|---|---|
| | | Authorization Bypass via Misused ServerConfig.PublicKeyCallback | Medium | View or Download | UNDERCODE | 2024-12-11 |
Linux Kernel | Not specified (all versions before the fix) | Memory Leak (due to missing kfree_skb()) | Low (addressed in kernel updates) | View or Download | UNDERCODE | 2024-12-11 |
GitLab CE/EE | All versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1 | Uncontrolled Resource Consumption (DoS) | Medium | View or Download | UNDERCODE | 2024-12-11 |
Linux Kernel | | | Medium (CVSS v3 base score not available yet) | View or Download | UNDERCODE | 2024-12-11 |
macOS Sonoma | All versions before 14.6 | Buffer Overflow (CVSS: High) | Critical | View or Download | UNDERCODE | 2024-12-11 |
Linux Kernel | Unaffected versions not listed (all versions before the fix are assumed vulnerable) | Memory Leak (vsock sk_error_queue) | Medium (CVSS 3.x Base Score: 5.5) | View or Download | UNDERCODE | 2024-12-11 |
kcp | Affected versions are prior to 0.26.1. | Impersonation vulnerability | Critical | View or Download | UNDERCODE | 2023-11-28 |
SiYuan | <= 0.0.0-20241210012039-5129ad926a21 | Server-Side Template Injection (SSTI) | Moderate | View or Download | UNDERCODE | 2024-12-11 |
SiYuan | <= 0.0.0-20241210012039-5129ad926a21 | Arbitrary File Read | High | View or Download | UNDERCODE | 2024-12-11 |
SiYuan | <= 0.0.0-20241210012039-5129ad926a21 | Arbitrary File Write | High | View or Download | UNDERCODE | 2024-12-11 |
Apple iOS, iPadOS, tvOS, and visionOS | Unaffected versions not listed (Update to the latest version is recommended) | Kernel Memory Corruption (CVE-2024-44277) | Critical | View or Download | UNDERCODE | 2024-12-11 |
Linux Kernel | Not specified (all versions potentially affected) | Bluetooth handle release issue | Medium (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-12-11 |
| | | Downgrade | | View or Download | UNDERCODE | 2024-12-11 |
Apple Products (iOS, iPadOS, macOS, watchOS, visionOS) | Unaffected versions not listed (all prior versions potentially vulnerable) | Information Disclosure (CVE-2024-44278) | Critical | View or Download | UNDERCODE | 2024-12-11 |
JFinalCMS | 1.0 | Server-Side Template Injection | | View or Download | UNDERCODE | 2024-12-11 |
Liferay Digital Experience Platform | Up to 7.4.3.15 | Remote Code Execution (RCE) | Critical | View or Download | UNDERCODE | 2024-12-11 |
Kashipara E-learning Management System | v1.0 | | Critical | View or Download | UNDERCODE | 2024-12-11 |
Liferay Portal, Liferay DXP | 7.2.0 through 7.4.3.12 (Portal), all versions before update 9 (DXP 7.4), all versions before service pack 3 (DXP 7.3), all versions before fix pack 19 (DXP 7.2), and older unsupported versions. | Open Redirect (CVE-2024-25609) | Critical (CVSS: 6.1) | View or Download | UNDERCODE | 2024-12-11 |
macOS | Not specified (potentially all versions before Ventura 13.7.1 and Sonoma 14.7.1) | PackageKit flaw allowing modification of protected file system areas (CVE-2024-44275) | Unknown (awaiting analysis) | View or Download | UNDERCODE | 2024-12-11 |
Kashipara E-learning Management System | v1.0 | SQL Injection | Critical (CVSS score unavailable) | View or Download | UNDERCODE | 2024-12-11 |
JFinalCMS | 1.0 | Cross-Site Request Forgery (CSRF) | Medium | View or Download | UNDERCODE | 2024-12-11 |
Linux Kernel | Not specified | Undefined Behavior due to stack usage | Low (CVSS details not provided) | View or Download | UNDERCODE | 2024-12-11 |
Linux Kernel | Not specified | Bluetooth handle overflow (CVE-2024-42132) | Low (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-12-11 |
Linux Kernel (ARM) | Not specified | Cache Flushing Issue | Critical (CVSS details not provided) | View or Download | UNDERCODE | 2024-12-11 |
OpenHarmony | Prior to 4.0.1 | Out-of-Bounds Read | | View or Download | UNDERCODE | 2024-12-11 |
Linux Kernel | Unaffected versions not mentioned | Use-after-free (UAF) in the sctp_v6_available() function | Critical (DoS) | View or Download | UNDERCODE | 2024-12-11 |
Hewlett Packard Enterprise Insight Remote Support | ( not specified ) | Directory Traversal | CRITICAL (CVSS Score: 9.8) | View or Download | UNDERCODE | 2024-12-11 |
Linux Kernel | Not specified | Unbalanced pm_runtime_enable! (CVE-2024-53134) | Medium | View or Download | UNDERCODE | 2024-12-11 |
Linux Kernel | Not specified | Deadlock when accessing tmpfs over NFS | Medium (CVSS details not provided) | View or Download | UNDERCODE | 2024-12-11 |
Huawei (exact platform unspecified) | (not specified) | Insufficient verification in system sharing pop-up module (CVE-2024-32989) | High (availability impact) | View or Download | UNDERCODE | 2024-12-11 |
HarmonyOS | All versions before a patch is applied (specifically mentioned for 4.0.0 and 4.2.0) | Permission verification vulnerability in the system sharing pop-up module | MEDIUM (CVSS score: 6.1) | View or Download | UNDERCODE | 2024-12-11 |
Apache Airflow | 2.8.0 - 2.8.2 (inclusive) | Incorrect Privilege Assignment | Moderate | View or Download | UNDERCODE | 2024-12-11 |
HarmonyOS (all versions mentioned in the references are vulnerable) | Not specified | Out-of-bounds memory access | | View or Download | UNDERCODE | 2024-12-11 |
Apache Airflow | Before 2.9.2 | Use of Web Browser Cache Containing Sensitive Information | Medium | View or Download | UNDERCODE | 2024-12-11 |
HarmonyOS | Not specified | Insufficient verification vulnerability in the baseband module | High | View or Download | UNDERCODE | 2024-12-11 |
| | | | MEDIUM (CVSS 3.1 score: 6.2) | View or Download | UNDERCODE | 2024-12-11 |
wpa_supplicant module (platform not specified) | Not specified | Permission verification vulnerability (CVE-2024-32991) | Critical (CVSS score not explicitly mentioned but the description indicates critical impact) | View or Download | UNDERCODE | 2024-12-11 |
Linux Kernel | Unaffected versions not specified (all before the patch) | Privilege Escalation | Low | View or Download | UNDERCODE | 2024-12-11 |
| | | Missing outer runtime PM protection in drm/xe driver | Medium (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-12-11 |
| | | Local Privilege Escalation (SBAMSvc Link Following) | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-12-11 |
Linux Kernel | Not specified (all versions using nilfs2 file system are potentially affected) | Null Pointer Dereference | Low (CVSS score might be available elsewhere) | View or Download | UNDERCODE | 2024-12-11 |
| | | Local Privilege Escalation | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-12-11 |
| | | Heap-based Buffer Overflow (CVE-2024-8025) | Critical | View or Download | UNDERCODE | 2024-12-11 |
IBM Cognos Controller | 11.0.0, 11.0.1 | Malicious File Upload (CVE-2024-25019) | Critical | View or Download | UNDERCODE | 2024-12-11 |
Visteon Infotainment System | N/A | Local Privilege Escalation (LPE) | Critical | View or Download | UNDERCODE | 2024-12-11 |
Visteon Infotainment App SoC (System-on-Chip) | Not specified | Missing Immutable Root of Trust (Hardware Local Privilege Escalation) | | View or Download | UNDERCODE | 2024-12-11 |
Visteon Infotainment Systems | (not specified) | Command Injection (CVE-2024-8359) | High (CVSS score: 6.8) | View or Download | UNDERCODE | 2024-12-11 |
IBM Cognos Controller | 11.0.0, 11.0.1 | Exposure of Sensitive Information | Not available (CVSS details not provided) | View or Download | UNDERCODE | 2024-12-11 |
IBM Cognos Controller | 11.0.0, 11.0.1 | Unrestricted File Upload | Critical (CVSS 3.1 score not provided) | View or Download | UNDERCODE | 2024-12-11 |
IBM Cognos Controller | 11.0.0, 11.0.1 | File Upload Vulnerability (CVE-2024-45676) | Critical | View or Download | UNDERCODE | 2024-12-11 |
IBM Cognos Controller | 11.0.0, 11.0.1 | Weak Cryptographic Algorithms | Critical (CVSS details not provided) | View or Download | UNDERCODE | 2024-12-11 |
Checkmk Exchange Plugin for MikroTik | 2.0.0 - 2.5.5 & 0.4a_mk - 2.0a | Improper Certificate Validation (CVE-2024-38861) | MEDIUM (CVSS v4.0: 4.9) | View or Download | UNDERCODE | 2024-12-11 |
Multiple Apple products (iOS, iPadOS, macOS, watchOS, tvOS) | All versions before iOS/iPadOS 17.7, macOS 13.7, etc. (see NVD for specifics) | CVE-2024-44169 (Kernel Logic Issue) | Not specified (likely medium or high) | View or Download | UNDERCODE | 2024-12-11 |
macOS | All versions before macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15 (patched) | Buffer overflow in Intel Graphics Driver (CVE-2024-44160) | Critical | View or Download | UNDERCODE | 2024-12-11 |
Checkmk | Before 2.3.0p16 and 2.2.0p34 | Cross-Site Scripting (XSS) | MEDIUM (CVSS v3: 5.1) | View or Download | UNDERCODE | 2024-12-11 |
Apple iOS | All versions before iOS 18 and iPadOS 18 (Vulnerable) | Authentication Bypass (CVE-2024-44202) | Critical | View or Download | UNDERCODE | 2024-12-11 |
Wazifa System | 1.0 | Cross-site Scripting (XSS) | Medium (CVSS score: 5.3) | View or Download | UNDERCODE | 2024-12-11 |
1000 Projects Library Management System | 1.0 | SQL Injection (CVE-2024-12188) | Critical | View or Download | UNDERCODE | 2024-12-11 |
PHPGurukul Complaint Management System | 1.0 | SQL Injection (CVE-2024-12230) | Critical | View or Download | UNDERCODE | 2024-12-11 |
WeiYe-Jing datax-web | 2.1.1 | OS Command Injection (CVE-2024-12358) | Critical | View or Download | UNDERCODE | 2024-12-11 |
TP-Link VN020 F3v(T) | TT_V6.2.1021 | Buffer Overflow | Critical | View or Download | UNDERCODE | 2024-12-11 |
Online Class and Exam Scheduling System | 1.0 | SQL Injection (CWE-74, CWE-89) | Critical (CVSS v2: 6.5, CVSS v3: 6.3, CVSS v4: 5.3) | View or Download | UNDERCODE | 2024-12-11 |
TOTOLINK EX1800T | 9.1.0cu.2112_B20220316 | Stack Overflow (CVE-2024-12352) | Medium | View or Download | UNDERCODE | 2024-12-11 |
code-projects Online Notice Board | Up to 1.0 | Unrestricted File Upload | Critical (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) | View or Download | UNDERCODE | 2024-12-11 |
SourceCodester Phone Contact Manager System | 1.0 | Improper Input Validation | Medium (CVSS v3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) | View or Download | UNDERCODE | 2024-12-11 |
PHPGurukul Complaint Management System | 1.0 | SQL Injection (CVE-2024-12228) | Critical | View or Download | UNDERCODE | 2024-12-11 |
SourceCodester Petrol Pump Management Software | 1.0 | Unrestricted File Upload | Critical (CVSS score not provided) | View or Download | UNDERCODE | 2024-12-11 |
SourceCodester Best House Rental Management System | 1.0 | File Inclusion | Medium (CVSS v3: 4.3, CVSS v2: 5.0, CVSS v4: 6.9) | View or Download | UNDERCODE | 2024-12-11 |
SourceCodester Phone Contact Manager System | 1.0 | Improper Input Validation | Medium (CVSS v3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N) | View or Download | UNDERCODE | 2024-12-11 |
Tenda Routers (FH451, FH1201, FH1202, FH1206) | Up to 20241129 | Null Pointer Dereference (in websReadEvent function of /goform/GetIPTV) | MEDIUM (CVSS score: 5.3) | View or Download | UNDERCODE | 2024-12-11 |
| | | Override leakage to global cache | Critical | View or Download | UNDERCODE | 2024-12-10 |
Ruby on Rails | | Cross-Site Scripting (XSS) | Low | View or Download | UNDERCODE | 2024-12-10 |
peerigon/angular-expressions | Unaffected versions: >= 1.4.3 | Remote Code Execution (RCE) | Critical | View or Download | UNDERCODE | 2024-12-10 |
wasmvm, cosmwasm-vm | (details not yet available) | Medium (Moderate + Likely) | View or Download | UNDERCODE | 2024-12-10 | |
CosmWasm VM | Multiple (see Affected Versions) | Unspecified (details pending) | Medium | View or Download | UNDERCODE | 2024-12-10 |
Linux Kernel | Not specified (versions up to 6.11.3 are vulnerable) | Integer overflow in AMD display driver (CVE-2024-50177) | Medium | View or Download | UNDERCODE | 2024-12-10 |
SourceCodester Simple Online Bidding System | 1.0 | SQL Injection | Critical (CVSS v3 Base Score: 5.3 - MEDIUM) | View or Download | UNDERCODE | 2024-12-10 |
SourceCodester Simple Online Bidding System | 1.0 | Cross-Site Request Forgery (CSRF) | MEDIUM (CVSS score: 6.9) | View or Download | UNDERCODE | 2024-12-10 |
SourceCodester Simple Online Bidding System | 1.0 | SQL Injection | | View or Download | UNDERCODE | 2024-12-10 |
SourceCodester Simple Online Bidding System | 1.0 | Cross-Site Request Forgery (CSRF) | MEDIUM | View or Download | UNDERCODE | 2024-12-10 |
Linux Kernel | All versions with MPTCP enabled (potentially from 5.7 to later) | mptcp: handle consistently DSS corruption | Medium (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-12-10 |
SourceCodester Simple Online Bidding System | 1.0 | SQL Injection | Critical (CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) | View or Download | UNDERCODE | 2024-12-10 |
Hugo | >= 0.123.0, < 0.139.4 | Unescaped Attributes in Internal Templates | Moderate | View or Download | UNDERCODE | 2024-12-09 |
Apache Superset | 2.0.0 to 4.1.0 (excluding 4.1.0) | Improper Authorization | High | View or Download | UNDERCODE | 2024-12-09 |
Winter CMS | Affected versions | Twig Sandbox Bypass | Critical | View or Download | UNDERCODE | 2024-12-09 |
idna | <= 0.5.0 | Punycode Spoofing (CVE- not mentioned) | Critical | View or Download | UNDERCODE | 2024-12-09 |
League/CommonMark | Affected versions prior to 2.6.0 | Denial of Service (DoS) | Critical | View or Download | UNDERCODE | 2023-11-28 |
HarmonyOS | Not specified (all versions before May 2024 patch are likely vulnerable) | Null Pointer Access (CVE-2024-32998) | Medium | View or Download | UNDERCODE | 2024-12-09 |
HarmonyOS | Not specified (all versions before 17.5 are likely vulnerable) | Race condition in binder driver module (CVE-2024-32997) | High | View or Download | UNDERCODE | 2024-12-09 |
(Multiple - see below) | (All versions before 17.5/10.5/14.5) | Logic Issue (CVE-2024-27816) | Critical | View or Download | UNDERCODE | 2024-12-09 |
Huawei | EMUI 14, EMUI 13, HarmonyOS 4.2, HarmonyOS 4.0, HarmonyOS 3.1, HarmonyOS 3.0 (based on Huawei security bulletin) | PIN enhancement failures in the screen lock module | High | View or Download | UNDERCODE | 2024-12-09 |
| | | Cracking vulnerability in the OS security module | | View or Download | UNDERCODE | 2024-12-09 |
EMUI (Huawei) | Not specified | Improper Permission Control in Window Management | Medium | View or Download | UNDERCODE | 2024-12-09 |
HarmonyOS | All versions before a fix is applied (specific versions not mentioned) | Cracking vulnerability in the OS security module | Medium (CVSS score: 6.4) | View or Download | UNDERCODE | 2024-12-09 |
HarmonyOS | All versions (not specified) | Privilege Escalation due to permission control issue in the App Multiplier module | High | View or Download | UNDERCODE | 2024-12-09 |
Apple Vision Pro | Not specified (versions before 1.1 are vulnerable) | Permissions Issue | Critical | View or Download | UNDERCODE | 2024-12-09 |
macOS Sonoma | Not specified | Code Execution | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-12-09 |
Apple Platforms (tvOS, iOS, iPadOS, macOS, watchOS) | Unaffected versions are tvOS 17.4, iOS 17.4, iPadOS 17.4, macOS Sonoma 14.4, and watchOS 10.4 or later. | CVE-2024-23293 - Spotlight vulnerability allowing access to sensitive user data through Siri with physical access. | Critical | View or Download | UNDERCODE | 2024-12-09 |
Rockwell Automation Arena Simulation Software | Not specified | Heap-based memory buffer overflow | HIGH (CVSS v3 score: 7.8) | View or Download | UNDERCODE | 2024-12-09 |
Rockwell Automation Arena Simulation software | Not specified | Memory buffer overflow | Critical (CVSS v3 score: 7.8, CVSS v4 score: 8.4) | View or Download | UNDERCODE | 2024-12-09 |
Rockwell Automation Arena Simulation | All Versions (not specified) | Memory Buffer Overflow | Medium (CVSS v3 score: 4.4) | View or Download | UNDERCODE | 2024-12-09 |
Palo Alto Networks PAN-OS (with Captive Portal enabled) | Not specified | Reflected Cross-Site Scripting (XSS) - CVE-2024-0011 | MEDIUM (CVSS v3 score: 4.3) | View or Download | UNDERCODE | 2024-12-09 |
Palo Alto Networks PAN-OS | | Reflected Cross-Site Scripting (XSS) - CVE-2024-0010 | MEDIUM (CVSS score: 4.3) | View or Download | UNDERCODE | 2024-12-09 |
Rockwell Automation Arena Simulation | All versions (not specified) | Arbitrary Code Execution | Critical (CVSS v3: 7.8, CVSS v4: 8.4) | View or Download | UNDERCODE | 2024-12-09 |
| | Not specified (all versions before iOS 17.4, iPadOS 17.4, macOS Monterey 12.7.4, etc. are vulnerable) | Validation Issue | High | View or Download | UNDERCODE | 2024-12-09 |
macOS Sonoma | All versions before 14.4 | Improper handling of temporary files (CVE-2024-23287) | Critical | View or Download | UNDERCODE | 2024-12-09 |
Apple GarageBand | All versions before 10.4.11 (Vulnerable) | Use-after-free | Critical (CVSS score not provided) | View or Download | UNDERCODE | 2024-12-09 |
macOS, iOS, iPadOS | (Unaffected versions not specified) | Incomplete data redaction in log entries | Critical (An app may be able to access user-sensitive data) | View or Download | UNDERCODE | 2024-12-09 |
macOS (various versions) | Not specified | Memory Corruption | Critical | View or Download | UNDERCODE | 2024-12-09 |
Apple (iOS, iPadOS, macOS, watchOS) | All versions before iOS 16.7.6, iPadOS 16.7.6, iOS 17.4, iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4 | Lock Screen Bypass via Siri | Critical | View or Download | UNDERCODE | 2024-12-09 |
Apple iOS | All versions before 16.7.6 and 17.4 | System Notification Spoofing | Critical (CVSS score unavailable) | View or Download | UNDERCODE | 2024-12-09 |
| | | Remote Code Execution (RCE) | Critical (unauthenticated attacker can execute arbitrary code) | View or Download | UNDERCODE | 2024-12-09 |
WhatsUp Gold | Before 2023.1.2 | Server-Side Request Forgery (SSRF) | MEDIUM | View or Download | UNDERCODE | 2024-12-09 |
WhatsUp Gold | Before 2023.1.2 | SSRF | Medium (CVSS v3 score: 4.2) | View or Download | UNDERCODE | 2024-12-09 |
WhatsUp Gold | Before 24.0.1 | SQL Injection (CVE-2024-46906) | Critical (CVSS score: 8.8) | View or Download | UNDERCODE | 2024-12-09 |
Drupal Core | Vulnerable versions | Improper Error Handling | Moderate | View or Download | UNDERCODE | 2024-12-07 |
Android | Affected versions are prior to 2.3.4. | Deserialization vulnerability | Low | View or Download | UNDERCODE | 2024-12-07 |
| | | | Moderate | View or Download | UNDERCODE | 2024-12-07 |
`path-to-regexp` | 0.1.x | ReDoS | Moderate | View or Download | UNDERCODE | 2024-12-07 |
(not specified in the article) | HTML Injection (CVE-2024-54128) | Critical | View or Download | UNDERCODE | 2024-12-07 | |
PyO3 | 0.23.0 to 0.23.2 | Build corruption | Moderate | View or Download | UNDERCODE | 2024-12-07 |
pprof | (Unaffected versions not specified) | Unsound memory access due to type mismatch and misalignment | Low | View or Download | UNDERCODE | 2024-12-07 |
linkme | Affected versions | Type Mismatch | Low | View or Download | UNDERCODE | 2024-12-07 |
Drupal Core | >= 10.1.0, = 10.2.0, < 10.2.2 | Denial of Service | High | View or Download | UNDERCODE | 2024-12-07 |
Solana Web3.js | 1.95.6 and 1.95.7 | Supply chain attack leading to private key theft | Critical | View or Download | UNDERCODE | 2024-12-07 |
anstream (Rust) | < 0.6.8 | Unsoundness | Moderate | View or Download | UNDERCODE | 2024-12-07 |
GitHub CLI | Not specified (versions before 2.63.1) | Path Traversal | Moderate | View or Download | UNDERCODE | 2024-12-07 |
PAN-OS | | Privilege Escalation | MEDIUM | View or Download | UNDERCODE | 2024-12-07 |
Metabase | Affected versions include 0.40.4 and earlier, and 1.40.4 and earlier. | Local File Inclusion (LFI) | Critical (CVSS Score: 10.0) | View or Download | UNDERCODE | 2024-12-07 |
Windows | Multiple Windows versions are affected. | Elevation of Privilege | HIGH | View or Download | UNDERCODE | 2024-12-07 |
Atlassian Jira Server and Data Center | Before 8.5.14, 8.6.0-8.13.6, 8.14.0-8.16.1 | Path Traversal | Critical | View or Download | UNDERCODE | 2021-03-16 |
Safari, iOS, iPadOS, macOS, visionOS | Affected versions are older than Safari 18.1.1, iOS 17.7.2, iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1, iPadOS 18.1.1, visionOS 2.1.1. | Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-12-07 |
Kemp LoadMaster | All versions before 7.2.48.10, 7.2.54.8, 7.2.59.2 | Unauthenticated Command Injection | Critical (CVSS v3 score: 10.0) | View or Download | UNDERCODE | 2024-12-07 |
vCenter Server | Affected versions are not explicitly mentioned. | Heap-overflow vulnerability in the DCERPC protocol implementation. | Critical (CVSS Score: 9.8) | View or Download | UNDERCODE | 2024-12-07 |
Palo Alto Networks Expedition | (Not specified) | SQL Injection (CVE-2024-9465) | Critical (CVSS score: 9.2) | View or Download | UNDERCODE | 2024-12-07 |
Zyxel ATP Series, USG FLEX Series, USG FLEX 50(W) Series, and USG20(W)-VPN Series | V5.00 through V5.38 | Directory Traversal | HIGH | View or Download | UNDERCODE | 2024-12-07 |
Oracle Agile PLM Framework | 9.3.6 | Information Disclosure | High | View or Download | UNDERCODE | 2024-12-07 |
ProjectSend | Prior to r1720 | Improper Authentication | Critical (CVSS Score: 9.8) | View or Download | UNDERCODE | 2024-12-07 |
Not specified (WebKit is used across various Apple products) | Versions prior to those mentioned above (specific versions not provided) | Sandbox Escape (Critical) | Critical | View or Download | UNDERCODE | 2024-12-06 |
Apple iOS, iPadOS, macOS | Versions before iOS 17.4, iPadOS 17.4, and macOS Sonoma 14.4 | Authentication Bypass in Hidden Photos Album | Critical (CVSS details not shown in excerpt) | View or Download | UNDERCODE | 2024-12-06 |
Apple (mentioned in source) | Not specified (all versions before the fixed ones are vulnerable) | Race Condition (mentioned in description) | High (implied by potential access to user-sensitive data) | View or Download | UNDERCODE | 2024-12-06 |
Zyxel USG FLEX H Series | uOS versions up to (excluding) 1.30 | Insufficiently protected credentials | Critical (CVSS v3 score details not provided) | View or Download | UNDERCODE | 2024-12-06 |
iOS, iPadOS, tvOS, watchOS, macOS (all versions before the mentioned fixes) | Not applicable (all versions before the fixes) | Unrestricted Microphone Access | | View or Download | UNDERCODE | 2024-12-06 |
macOS Sonoma | Not specified (all versions before 14.4 are vulnerable) | Improper memory handling | Medium (allows denial-of-service or potential information disclosure) | View or Download | UNDERCODE | 2024-12-06 |
macOS Sonoma | (Not specified in the provided text) | Memory Access Issue | Critical (CVE-2024-23249) | View or Download | UNDERCODE | 2024-12-06 |
Apple iOS | Versions before 17.4 | Shake-to-Undo information disclosure (CVE-2024-23240) | Critical | View or Download | UNDERCODE | 2024-12-06 |
macOS | Sonoma 14.4, Monterey 12.7.4 (Unaffected versions not listed) | Privilege Escalation | Critical | View or Download | UNDERCODE | 2024-12-06 |
macOS Sonoma | Before 14.4 | Permissions Issue (CVE-2024-23253) | Low | View or Download | UNDERCODE | 2024-12-06 |
macOS | Not specified (all versions vulnerable before macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5) | Out-of-bounds write in Kerberos v5 PAM module | Critical (CVSS v3.1: CISA-ADP AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) | View or Download | UNDERCODE | 2024-12-06 |
(see below) | (see below) | Information Leakage | | View or Download | UNDERCODE | 2024-12-06 |
macOS | Sonoma 14.4, Monterey 12.7.4, Ventura 13.6.5 (all prior versions are vulnerable) | Improper Memory Handling (Code Execution) | Critical | View or Download | UNDERCODE | 2024-12-06 |
Directus | Not specified (update to latest version) | Client-Side HTML Injection (CVE-2024-54128) | Critical | View or Download | UNDERCODE | 2024-12-05 |
sigstore-java | | | Low (for non-monitors/witnesses) | View or Download | UNDERCODE | 2024-12-05 |
Drupal Core | N/A | Improper Error Handling | Moderate | View or Download | UNDERCODE | 2024-12-05 |
Drupal Core | 10.1.0 - 10.1.7, 10.2.0 - 10.2.1 | Denial of Service | High | View or Download | UNDERCODE | 2024-12-05 |
Apache Hive | 4.0.0-alpha-1 | Deserialization of untrusted data | High | View or Download | UNDERCODE | 2024-12-05 |
Perl (App::cpanminus package) | Up to 1.7047 | Insecure HTTP Download | Critical (CVSS 3.0: 9.8/10) | View or Download | UNDERCODE | 2024-12-05 |
| | | | Low | View or Download | UNDERCODE | 2024-12-05 |
PyO3 | 0.23.0 - 0.23.2 | Build Corruption | Moderate | View or Download | UNDERCODE | 2024-12-05 |
Microsoft Brokering File System (Platform details not specified) | (Version information not provided) | Elevation of Privilege | HIGH (CVSS v3 Base Score: 7.8) | View or Download | UNDERCODE | 2024-12-05 |
Dell Secure Connect Gateway (SCG) Policy Manager | All | Stored Cross-Site Scripting (XSS) | HIGH | View or Download | UNDERCODE | 2024-12-05 |
Rpgp | All versions prior to 0.14.1 | Multiple vulnerabilities leading to denial-of-service | Critical | View or Download | UNDERCODE | 2024-12-05 |
Spring LDAP | All versions before 2.4.0, 2.4.0 through 2.4.3, 3.0.0 through 3.0.9, 3.1.0 through 3.1.7, 3.2.0 through 3.2.7 | Information Exposure | Moderate (CVE-2024-38829) | View or Download | UNDERCODE | 2024-12-04 |
Anstream (platform unspecified) | Not specified | Unhandled Character Encoding | | View or Download | UNDERCODE | 2024-12-04 |
Apache HTTP Server | Affected versions include 2.4.49 and earlier. | A remote code execution vulnerability that can be exploited to execute arbitrary code on the server. | Critical | View or Download | UNDERCODE | 2024-12-04 |
Linkme | Affected versions | Type Mismatch | Low | View or Download | UNDERCODE | 2024-12-04 |
Checkmk | Up to 2.0.0, specific 2.1.0 and 2.2.0 versions | Multiple vulnerabilities (CVE-2023-43277, CVE-2023-43278, CVE-2023-43279) | High (CVE-2023-43277), Medium (CVE-2023-43278, CVE-2023-43279) | View or Download | UNDERCODE | 2024-12-04 |
PDF-XChange Editor | (not specified) | Out-of-Bounds Read Information Disclosure | | View or Download | UNDERCODE | 2024-12-04 |
Adobe Animate | 24.0 and earlier (including 23.0.3) | Out-of-Bounds Read (CVE-2024-20762) | MEDIUM (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-12-04 |
Zabbix Server | Not specified (all versions before 6.4.16rc1 and 7.0.0 are vulnerable) | Code Injection (CWE-94) | Critical (CVSS score: 9.9) | View or Download | UNDERCODE | 2024-12-04 |
Adobe Animate | 23.0.4 and earlier | Out-of-bounds read (CVE-2024-20797) | Critical (CVSS score: 7.8) | View or Download | UNDERCODE | 2024-12-04 |
Adobe Animate | 23.0.4 and earlier | Out-of-bounds read (CVE-2024-20796) | Medium (CVSS 3.1 base score: 5.5) | View or Download | UNDERCODE | 2024-12-04 |
GitHub CLI | Prior to 2.63.1 | Path Traversal | Critical | View or Download | UNDERCODE | 2024-12-04 |
CyberPanel | Before 1c0c6cb (through 2.3.6 and unpatched 2.3.7) | Command Injection | Critical (CVSS score: 10.0) | View or Download | UNDERCODE | 2024-12-04 |
Adobe Experience Manager | Versions 6.5.19 and earlier (not specified) | Stored Cross-Site Scripting (XSS) | Medium (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | MEDIUM (CVSS 3.x Base Score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | Medium (CVSS v3 base score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | MEDIUM (CVSS 3.1 base score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | MEDIUM (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
ChargePoint Home Flex | (Not specified in the article) | Denial-of-Service (DoS) | MEDIUM (CVSS score: 4.3) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | MEDIUM | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | MEDIUM (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Trimble SketchUp | All versions (unaffected versions not specified yet) | Stack-based buffer overflow remote code execution | Critical | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | MEDIUM (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | MEDIUM (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
PDF-XChange Editor | All versions before a patch is released (information not yet available) | Out-of-bounds read leading to remote code execution (RCE) | High (CVSS v3 score to be determined) | View or Download | UNDERCODE | 2024-12-03 |
IBM QRadar Suite, IBM Cloud Pak for Security | 1.10.12.0 through 1.10.17.0 (QRadar Suite), 1.10.0.0 through 1.1.11.0 (Cloud Pak for Security) | Information Exposure | Critical (CVSS score details unavailable) | View or Download | UNDERCODE | 2024-12-03 |
Linux Kernel | Not specified (all versions using the iwlwifi driver are potentially vulnerable) | Memory Error (improper response handling) | Critical (CVE-2024-53059) | View or Download | UNDERCODE | 2024-12-03 |
Linux Kernel | Not specified (all versions potentially affected) | Null pointer dereference | Critical | View or Download | UNDERCODE | 2024-12-03 |
| | | | High | View or Download | UNDERCODE | 2024-12-03 |
code-projects Farmacia | Up to 1.0 | SQL Injection | Critical (CVSS score: 5.3 MEDIUM) | View or Download | UNDERCODE | 2024-12-03 |
Checkmk | Below 2.3.0p22, 2.2.0p37, and 2.1.0p50 | Information Disclosure | Medium (CVSS v3: 6.5, CVSS v4: 5.7) | View or Download | UNDERCODE | 2024-12-03 |
element-hq/synapse | Before 1.106 | Unauthenticated Writes to Media Repository | Moderate | View or Download | UNDERCODE | 2024-12-03 |
element-hq/synapse | Before 1.120.1 | Malformed Invite Disrupts /sync Functionality | High | View or Download | UNDERCODE | 2024-12-03 |
Synapse | Below 1.120.1 | Unsupported content type handling (multipart/form-data) | High | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | Medium (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
| | | Stack-based Buffer Overflow (Remote Code Execution) | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Reflected Cross-Site Scripting (XSS) | Medium | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Reflected Cross-Site Scripting (XSS) (CWE-79) | Important (CVSS Score: 5.4 - Medium) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Cross-Site Scripting (XSS) | Medium (CVSS v3 score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | MEDIUM (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) - CVE-2024-26038 | MEDIUM (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | Medium (CVSS 3.1 score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | MEDIUM (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Zyxel ATP Series, USG FLEX Series, USG FLEX 50(W) Series, and USG20(W)-VPN Series | V5.00 through V5.38 | Directory Traversal | HIGH | View or Download | UNDERCODE | 2024-12-03 |
ProjectSend | Prior to r1720 | Improper Authentication | Critical (CVSS score: 9.8) | View or Download | UNDERCODE | 2024-12-03 |
Adobe InDesign Desktop | 19.0, 20.0 and earlier | Out-of-bounds read (CVE-2024-49529) | MEDIUM (CVSS 3.x Base Score: 5.5) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Dreamweaver Desktop | 21.3 and earlier | OS Command Injection (CVE-2024-30314) | Critical | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | DOM-based Cross-Site Scripting (XSS) | MEDIUM (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | MEDIUM (CVSS 3.x Base Score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Substance 3D Stager | 3.0.2 and earlier | Out-of-bounds read (CVE-2024-52998) | Medium (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) - CVE-2024-26043 | MEDIUM (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | DOM-based XSS (Cross-Site Scripting) | Medium (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored XSS | MEDIUM | View or Download | UNDERCODE | 2024-12-03 |
Adobe Premiere Pro | 23.6.5, 24.4.1 and earlier | Untrusted Search Path | Critical | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager (AEM) | 6.5.20 and earlier | Stored Cross-Site Scripting (XSS) | Medium (CVSS v3 score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.20 and earlier | DOM-based XSS (CVE-2024-49524) | Medium | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager (AEM) | 6.5.19 and earlier (all versions before 6.5.20 are potentially vulnerable) | DOM-based Cross-Site Scripting (XSS) | MEDIUM (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Substance 3D Painter | 9.1.2 and earlier | Out-of-bounds read | Important (CVSS Score: 5.5) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | Versions 6.5.19 and earlier (information incomplete due to reanalysis) | Stored Cross-Site Scripting (XSS) | Medium (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe InDesign Desktop | ID18.5.2, ID19.3 and earlier | NULL Pointer Dereference | Important (CVSS Score: 5.5) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier (all prior versions are vulnerable) | Stored Cross-Site Scripting (XSS) (CVE-2024-26056) | MEDIUM (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | MEDIUM (CVSS 3.x score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | MEDIUM | View or Download | UNDERCODE | 2024-12-03 |
Adobe Substance 3D Painter | 9.1.2 and earlier | Out-of-bounds read (CVE-2024-30308) | Important (CVSS Score: 5.5) | View or Download | UNDERCODE | 2024-12-03 |
Adobe InDesign | ID18.5.2, ID19.3 and earlier | Heap-based Buffer Overflow (CVE-2024-39392) | Critical (CVSS score: 7.8) | View or Download | UNDERCODE | 2024-12-03 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | MEDIUM (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-12-03 |
Rails | Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8 (Rails::HTML::Sanitizer 1.6.0 is vulnerable) | XSS | Critical | View or Download | UNDERCODE | 2024-12-03 |
Rails | Rails >= 7.1.0 & Rails::HTML::Sanitizer 1.6.0 | Cross-Site Scripting (XSS) | Medium | View or Download | UNDERCODE | 2024-12-03 |
Potential XSS (Cross-Site Scripting) | View or Download | UNDERCODE | 2024-12-03 | |||
Rails | Rails >= 7.1.0 with Rails::HTML::Sanitizer 1.6.0 | XSS | Critical | View or Download | UNDERCODE | 2024-12-03 |
Mongoose | < 8.8.3 | Search Injection | High | View or Download | UNDERCODE | 2024-12-03 |
Rails::HTML::Sanitizer | 1.6.0 | XSS (Cross-Site Scripting) | Medium | View or Download | UNDERCODE | 2024-12-03 |
Adobe FrameMaker | 2020.5, 2022.3 and earlier (all versions before 2020.6 or 2022.4) | Out-of-bounds read (CVE-2024-30287) | Important (CVSS 3.x Base Score: 5.5) | View or Download | UNDERCODE | 2024-12-02 |
Adobe FrameMaker | 2020.5, 2022.3 and earlier | Heap-Based Buffer Overflow (CVE-2024-30288) | Critical (CVSS Score: 7.8) | View or Download | UNDERCODE | 2024-12-02 |
Adobe FrameMaker | 2020.5 and earlier (including 2022.3) | Out-of-bounds read (CVE-2024-30286) | Medium (CVSS score: 5.5) | View or Download | UNDERCODE | 2024-12-02 |
Adobe Acrobat Reader | 20.005.30574 and earlier | Use After Free (CVE-2024-30284) | Critical (CVSS: 3.1 High - 7.8) | View or Download | UNDERCODE | 2024-12-02 |
Adobe Acrobat Reader | Versions 20.005.30574, 24.002.20736 and earlier | Use After Free | Critical (CVSS score: 7.8) | View or Download | UNDERCODE | 2024-12-02 |
Adobe Acrobat Reader | All versions before 20.005.30635 and 24.002.20759 | Improper Access Control (CVE-2024-34099) | HIGH (CVSS: 7.8) | View or Download | UNDERCODE | 2024-12-02 |
Adobe Acrobat Reader | Versions before 20.005.30574 and 24.002.20736 | Out-of-bounds write vulnerability | HIGH (CVSS 3.1 base score: 7.8) | View or Download | UNDERCODE | 2024-12-02 |
Adobe Acrobat Reader | 20.005.30574, 24.002.20736 and earlier | Out-of-Bounds Read | HIGH (CVSS 3.x Base Score: 7.8) | View or Download | UNDERCODE | 2024-12-02 |
Adobe Acrobat Reader | Versions before 20.005.30635 and 24.002.20759 (inclusive) | Use After Free (CVE-2024-34095) | HIGH (CVSS v3 score: 7.8) | View or Download | UNDERCODE | 2024-12-02 |
Adobe Acrobat Reader DC | 20.005.30539, 23.008.20470 and earlier | Use After Free (CVE-2024-30301) | Critical (CVSS 7.8) | View or Download | UNDERCODE | 2024-12-02 |
Adobe Acrobat Reader | 20.005.30574, 24.002.20736 and earlier | Use After Free (CVE-2024-34100) | Critical (CVSS: 3.1/7.8) | View or Download | UNDERCODE | 2024-12-02 |
Adobe Acrobat Reader | 20.005.30574, 24.002.20736 and earlier | Out-of-bounds read (CVE-2024-30311) | Medium | View or Download | UNDERCODE | 2024-12-02 |
Adobe Acrobat Reader | 20.005.30574 and earlier | Out-of-bounds read (CVE-2024-30312) | Critical | View or Download | UNDERCODE | 2024-12-02 |
Adobe Acrobat Reader | All versions before 20.005.30574 and 24.002.20736 | Out-of-bounds read (CVE-2024-34101) | Medium (CVSS 3.x Base Score: 5.5) | View or Download | UNDERCODE | 2024-12-02 |
Adobe FrameMaker | 2020.5, 2022.3 and earlier (all versions before 2020.6 or 2022.4) | Out-of-Bounds Read (CVE-2024-30283) | Medium (CVSS score: 5.5) | View or Download | UNDERCODE | 2024-12-02 |
`ruzstd` | Affected versions | Uninitialized and Out-of-Bounds Memory Reads | Moderate | View or Download | UNDERCODE | 2024-12-02 |
Python-multipart | Affected versions | Denial of Service (DoS) | High | View or Download | UNDERCODE | 2024-12-02 |
Adobe Experience Manager | 6.5.19 and earlier | Stored Cross-Site Scripting (XSS) | MEDIUM (CVSS v3 score: 5.4) | View or Download | UNDERCODE | 2024-12-02 |
Google Chrome | Before 122.0.6261.57 | Inappropriate implementation in Navigation | Critical (Chromium security severity: Medium) | View or Download | UNDERCODE | 2024-12-02 |
Symfony | | Deserialization | High | View or Download | UNDERCODE | 2024-12-02 |
Ant-Media-Server | 2.8.2 | Improper Output Neutralization for Logs | High | View or Download | UNDERCODE | 2024-12-02 |
Symfony | Affected versions are not explicitly mentioned. It is recommended to upgrade to the latest version to mitigate the risk. | Authentication Bypass | Moderate | View or Download | UNDERCODE | 2024-12-02 |
SimpleSAMLphp | All versions before 2.3.4, 2.2.4, 2.1.7, and 2.0.15 | XXE (XML External Entity) | Critical | View or Download | UNDERCODE | 2024-12-02 |
N/A (Lettuce is a Java library) | Affected versions < 6.5.1.RELEASE | Netty vulnerability (CVE-TBD) | Moderate | View or Download | UNDERCODE | 2024-12-02 |
Ibexa Admin UI | Affected versions are not explicitly mentioned. | Cross-site Scripting (XSS) | Moderate | View or Download | UNDERCODE | 2024-12-02 |
SFTPGo | 2.3.0 to 2.6.3 | Brute Force Takeover of OpenID Connect Session Cookies | Moderate | View or Download | UNDERCODE | 2024-12-02 |
SimpleSAMLphp SAML2 | (Unaffected versions not specified) | XXE | Moderate | View or Download | UNDERCODE | 2024-12-02 |
Node.js | 10.0.4 | Prototype Pollution | Critical | View or Download | UNDERCODE | 2024-12-02 |
Not specified | Not specified | Cache Confusion | Moderate | View or Download | UNDERCODE | 2024-12-02 |
Versions before 10.0.0 | Cross-Site Scripting (XSS) | Medium | View or Download | UNDERCODE | 2024-12-02 | |
veraPDF CLI | Affected versions are not explicitly specified. | XXE (XML External Entity Injection) | Low | View or Download | UNDERCODE | 2024-12-02 |
SimpleSAMLphp | Not specified | XXE | High | View or Download | UNDERCODE | 2024-12-02 |
(Not specified in the provided text) | libarchive versions before 3.7.5 | Out-of-bounds memory access in execute_filter_audio function | HIGH (CVSS v3 score: 7.8) | View or Download | UNDERCODE | 2024-12-02 |
AMTT Hotel Broadband Operation System | Up to 3.0.3.151204 | SQL Injection (CVE-2024-11051) | Critical | View or Download | UNDERCODE | 2024-12-02 |
Concert Ticket Ordering System | 1.0 | SQL Injection | View or Download | UNDERCODE | 2024-12-02 | |
Team Plugins360 All-in-One Video Gallery | All versions up to 3.5.2 | Missing Authorization | HIGH | View or Download | UNDERCODE | 2024-12-02 |
Veritas Enterprise Vault | Before 15.2 | Remote Code Execution | Critical (CVSS score: 9.8) | View or Download | UNDERCODE | 2024-11-29 |
Veritas Enterprise Vault | Before 15.2 | Remote Code Execution (RCE) | Critical (CVSS 3.x score: 9.8) | View or Download | UNDERCODE | 2024-11-29 |
Microsoft Windows | Not specified (all versions potentially affected) | Elevation of Privilege | HIGH (CVSS 3.1 base score: 7.0) | View or Download | UNDERCODE | 2024-11-29 |
Open Management Infrastructure (OMI) | Not specified (all versions likely affected) | Remote Code Execution (RCE) | Critical (CVSS: 9.8) | View or Download | UNDERCODE | 2024-11-29 |
.NET | 7.0 (<= 7.0.16), 8.0 (<= 8.0.2) | Denial of Service (DoS) | HIGH (CVSS score: 7.5) | View or Download | UNDERCODE | 2024-11-29 |
Kerberos Security Feature Bypass | HIGH (CVSS 3.1 base score: 7.5) | View or Download | UNDERCODE | 2024-11-29 | ||
WordPress | ProfileGrid plugin versions up to 5.9.3.6 | Unauthorized data modification | Medium (CVSS: 6.5) | View or Download | UNDERCODE | 2024-11-29 |
HIGH (CVSS: 7.0) | View or Download | UNDERCODE | 2024-11-29 | |||
Microsoft Dynamics 365 (on-premises) | Not specified | Cross-site Scripting (XSS) | HIGH (CVSS v3 score: 7.6) | View or Download | UNDERCODE | 2024-11-29 |
WordPress | Ashe theme versions up to 2.243 | Reflected Cross-Site Scripting (XSS) | MEDIUM (CVSS: 6.1) | View or Download | UNDERCODE | 2024-11-29 |
WordPress Plugin - MailChimp Forms by MailMunch | All versions up to 3.2.3 (inclusive) | Reflected Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-29 |
Veritas Enterprise Vault | Before 15.2 | Remote Code Execution (RCE) | Critical (CVSS v3 score: 9.8) | View or Download | UNDERCODE | 2024-11-29 |
Out-of-Bounds Read Remote Code Execution (RCE) | Critical (CVSS v3 score: 7.8) | View or Download | UNDERCODE | 2024-11-29 | ||
PDF-XChange Editor | (not specified in available information) | Out-of-Bounds Write Remote Code Execution | HIGH (CVSS score: 7.8) based on Zero Day Initiative (ZDI) | View or Download | UNDERCODE | 2024-11-29 |
Medium | View or Download | UNDERCODE | 2024-11-29 | |||
PDF-XChange Editor | All versions before a patch is released | Information Disclosure | View or Download | UNDERCODE | 2024-11-22 | |
PDF-XChange Editor | Not specified (all versions before a patch is released are vulnerable) | Out-of-Bounds Read Remote Code Execution | HIGH | View or Download | UNDERCODE | 2024-11-29 |
PDF-XChange Editor | (information not available) | Out-of-bounds read remote code execution (RCE) | Critical (CVSS v3.0 base score likely high) | View or Download | UNDERCODE | 2024-11-29 |
EMF File Parsing Out-Of-Bounds Read | LOW (CVSS: 3.3) | View or Download | UNDERCODE | 2024-11-29 | ||
Out-of-Bounds Read Remote Code Execution (RCE) in XPS parsing | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-11-29 | ||
Foxit PDF Reader | All versions (unspecified) | Out-of-Bounds Read Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-29 |
Foxit PDF Reader | Not specified in this source | Annotation Use-After-Free | Critical | View or Download | UNDERCODE | 2024-11-29 |
Local Privilege Escalation | Critical | View or Download | UNDERCODE | 2024-11-29 | ||
Foxit PDF Reader (all versions) | Not specified | Incorrect Permission Assignment in Update Service (Local Privilege Escalation) | Critical | View or Download | UNDERCODE | 2024-11-29 |
Foxit PDF Reader | All versions (not specified) | Out-of-Bounds Read Information Disclosure | Critical | View or Download | UNDERCODE | 2024-11-29 |
Annotation Use-After-Free Remote Code Execution | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-11-29 | ||
Annotation Out-of-Bounds Read | Critical | View or Download | UNDERCODE | 2024-11-29 | ||
Out-of-Bounds Write Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-29 | ||
SolarWinds Web Help Desk (WHD) | Not specified in the provided information. | Hardcoded Credentials | Critical (CVSS score: 9.1) | View or Download | UNDERCODE | 2024-11-29 |
SolarWinds Serv-U | All versions up to 15.4.2 Hotfix 1 | Directory Traversal | Critical | View or Download | UNDERCODE | 2024-11-29 |
D-Link NAS devices (DNS-320L, DNS-325, DNS-327L, DNS-340L) | All versions up to April 3rd, 2024 (EOL) | Command Injection (CVE-2024-3273) | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-11-29 |
Windows (10 and above), Windows Server (2016 and later) | Not specified | Heap-based buffer overflow in DWM Core Library | HIGH (CVSS v3 score: 7.8) | View or Download | UNDERCODE | 2024-11-29 |
Android | All versions (initially reported on Pixel devices but affects all) | Privilege Escalation (CVE-2024-32896) | Critical | View or Download | UNDERCODE | 2024-11-29 |
IrfanView | All versions | Heap-based buffer overflow due to SVG file parsing | Critical (CVSS score: 7.8) | View or Download | UNDERCODE | 2024-11-29 |
IrfanView | All versions (unaffected version not specified) | Out-of-Bounds Read Remote Code Execution (RCE) | View or Download | UNDERCODE | 2024-11-29 | |
IrfanView | All versions | DXF File Parsing Type Confusion Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-29 |
Critical | View or Download | UNDERCODE | 2024-11-29 | |||
Foxit PDF Reader | All versions up to (including) 13.1.3 (Windows) & 13.1.2 (Mac) | Use-After-Free Remote Code Execution (RCE) | Critical | View or Download | UNDERCODE | 2024-11-29 |
Microsoft Windows Kernel | Not specified | Time-Of-Check Time-Of-Use (TOCTOU) race condition | Critical (CVSS score: 7.0) | View or Download | UNDERCODE | 2024-11-29 |
Windows MSHTML Platform | (Not specified in the provided information) | Security Feature Bypass | Critical (CVSS v3 score: 8.8) | View or Download | UNDERCODE | 2024-11-29 |
Oracle CRM Technical Foundation (Oracle E-Business Suite) | 12.2.3 - 12.2.13 | Partial Denial of Service (DoS) | Medium (CVSS 3.1 Base Score: 4.3) | View or Download | UNDERCODE | 2024-11-29 |
JD Edwards EnterpriseOne Tools | Prior to 9.2.8.1 | Information Disclosure | Critical | View or Download | UNDERCODE | 2024-11-29 |
Oracle MySQL Server | 8.0.35 and prior, 8.2.0 and prior | Privilege Escalation (CVE-2024-20964) | Critical (CVSS 3.1 Base Score: 5.3) | View or Download | UNDERCODE | 2024-11-29 |
Hugging Face Transformers | Not specified | Deserialization of Untrusted Data (Remote Code Execution) | Critical | View or Download | UNDERCODE | 2024-11-28 |
Hugging Face Transformers (MaskFormer model) | Not specified | Deserialization of Untrusted Data (Remote Code Execution) | Important | View or Download | UNDERCODE | 2024-11-28 |
Linux Kernel | Not specified | Improper lock handling (CVE-2024-53086) | Moderate (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-28 |
Linux Kernel | Not specified (potentially all versions with the vulnerable remoteproc driver) | Error Handling Vulnerability (CWE-755) | Low (CVSS v3 details not provided) | View or Download | UNDERCODE | 2024-11-28 |
Linux Kernel | Not specified | Use-After-Free (UAF) | Moderate (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-28 |
Linux Kernel | Not specified (all versions potentially affected) | Exec Queue Leak | Medium (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-28 |
Linux Kernel | Not specified (versions 6.5 to 6.12 likely affected) | Uninitialized variables (hdr_len and txbuf_len) | Medium (CVSS 3.1 base score: 5.5) | View or Download | UNDERCODE | 2024-11-28 |
Linux Kernel | Not specified (all versions potentially affected) | Race Condition | Moderate (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-28 |
Linux Kernel | Not specified (all versions potentially affected) | Access to uninitialized variable in tick_ctx_cleanup() function | Medium (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-28 |
Hugging Face Transformers (Library) | (Unaffected versions not specified yet) | Remote Code Execution (RCE) | Critical (CVSS score unavailable, but details suggest high severity) | View or Download | UNDERCODE | 2024-11-28 |
Linux kernel | Not specified (likely impacts specific kernel versions) | Improper use of use_count in media:qcom:camss:stop_streaming function | Medium (CVSS 3.x Base Score: 5.5) | View or Download | UNDERCODE | 2024-11-28 |
Linux Kernel | Not specified (potential impact on all versions with Loongson 3 CPU support) | Improper Resource Handling (use of incorrect function) | Low | View or Download | UNDERCODE | 2024-11-28 |
Linux Kernel | Not specified (all versions affected by commit de8548813824) | Race condition during group handle conversion | Medium (CVSS 3.x Base Score: 4.7) | View or Download | UNDERCODE | 2024-11-28 |
Cilium | v1.16.0 - v1.16.3 (inclusive) | Layer 7 policy enforcement bypass with port ranges | Medium | View or Download | UNDERCODE | 2024-11-28 |
MLflow | N/A | Privilege Escalation | High | View or Download | UNDERCODE | 2024-11-28 |
deno_doc | (not specified) | Self-XSS | Low | View or Download | UNDERCODE | 2024-11-28 |
Querydsl (with JPA) | Not specified (but vulnerable in versions up to 6.8.0) | HQL Injection (Blind) | Critical | View or Download | UNDERCODE | 2024-11-28 |
SPEmailHandler-PHP | < 1.0.0 | Arbitrary Email Sending | High | View or Download | UNDERCODE | 2024-11-28 |
Python | 0.1.13 | Credential Harvesting | High | View or Download | UNDERCODE | 2024-11-28 |
sigstore-java | v1.0.0 | Improper verification of log entry in bundle verification (CVE-2024-53267) | Critical | View or Download | UNDERCODE | 2024-11-28 |
libre-chat | 0.0.6 | Path Traversal | Moderate | View or Download | UNDERCODE | 2024-11-28 |
lakeFS | Affected versions are not explicitly specified. | Privilege Escalation | Moderate | View or Download | UNDERCODE | 2024-11-28 |
Jenkins | < 0.0.15 | Path Traversal | Moderate | View or Download | UNDERCODE | 2024-11-28 |
Keycloak | 26 and earlier | Denial-of-Service (DoS) | Critical | View or Download | UNDERCODE | 2023-11-21 |
Keycloak | | Sensitive Data Exposure | View or Download | UNDERCODE | 2024-11-28 | |
Jenkins | 1.4.4 and earlier | Stored Cross-Site Scripting (XSS) | High | View or Download | UNDERCODE | 2024-11-28 |
GitHub CLI | Prior to 2.63.0 | Token Leak | Critical | View or Download | UNDERCODE | 2024-11-28 |
Devolutions.XTS.NET | All versions | Timing Attack | Moderate | View or Download | UNDERCODE | 2024-11-28 |
Android (uses Apache ExternalStorageProvider) | Unaffected versions not specified (potential for widespread impact) | File Path Filter Bypass | Critical | View or Download | UNDERCODE | 2024-11-28 |
Safari, iOS, iPadOS, macOS, visionOS | Affected versions prior to Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1 | Arbitrary Code Execution | Critical | View or Download | UNDERCODE | 2024-11-28 |
vCenter Server | Affected versions | Privilege Escalation | HIGH | View or Download | UNDERCODE | 2024-11-28 |
Oracle Agile PLM Framework | 9.3.6 | Information Disclosure | HIGH | View or Download | UNDERCODE | 2024-11-28 |
SQL Injection (CVE-2024-9465) | Critical (CVSS score: 9.2) | View or Download | UNDERCODE | 2024-11-28 | ||
CyberPanel (aka Cyber Panel) | Before 5b08cd6d53f4dbc2107ad9f555122ce8b0996515 (versions through 2.3.6 and unpatched 2.3.7) | Remote Code Execution (RCE) | Critical (CVSS 10.0) | View or Download | UNDERCODE | 2024-11-28 |
Progress Kemp LoadMaster | All versions after 7.2.48.1 (including LoadMaster Multi-Tenant VFNs) | Unauthenticated Command Injection | CRITICAL | View or Download | UNDERCODE | 2024-11-28 |
Missing Authentication | Critical (CVSS score: 9.3) | View or Download | UNDERCODE | 2024-11-28 | ||
NTLMv2 Hash Disclosure Spoofing | View or Download | UNDERCODE | 2024-11-28 | |||
Cisco Adaptive Security Appliance (ASA) | Not specified | Cross-site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-28 |
Palo Alto Networks PAN-OS | View or Download | UNDERCODE | 2024-11-28 | |||
Windows | Multiple versions affected | Elevation of Privilege | High | View or Download | UNDERCODE | 2024-11-28 |
Apple Products (Safari, iOS, iPadOS, macOS, visionOS) | Affected versions include Safari 18.1, iOS 17.7, iPadOS 17.7, macOS Sonoma 15.1, iOS 18.1, iPadOS 18.1, and visionOS 2.1. | Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-28 |
Hugging Face Transformers MaskFormer Model | All versions before a fix is applied | Deserialization of Untrusted Data Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Not specified (the vulnerability was identified in a pre-release version) | Suspicious RCU usage in ip_tunnel_find() function | Medium | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Not specified (all versions potentially affected) | Memory Corruption in drm/vc4 driver | Moderate (CVSS v3 score to be determined) | View or Download | UNDERCODE | 2024-11-27 |
go-gh | Prior to 2.11.1 | Improper Token Handling | Moderate | View or Download | UNDERCODE | 2024-11-27 |
GitHub CLI | Prior to 2.63.0 | Token Leak | Critical | View or Download | UNDERCODE | 2024-11-27 |
SPEmailHandler-PHP | < 1.0.0 | Arbitrary Email Sending | High | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Unaffected versions not specified yet (Needs Evaluation for most Ubuntu versions) | Use-after-free (accessing uninitialized variable) | Moderate (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Not specified (potentially all versions with qcom:camss driver) | Incorrect usage of reference counter in qcom:camss driver (CVE-2024-50175) | Moderate | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Not specified (versions 6.10 to 6.12 likely affected) | Race condition (CVE-2024-50174) | Moderate (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-27 |
ServiceNow Vancouver | Multiple | Remote Code Execution (RCE) | Critical | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Not specified (all versions before the fix are potentially vulnerable) | Exec Queue Leak | Medium (CVSS score details not yet available) | View or Download | UNDERCODE | 2024-11-27 |
Google Chrome | Prior to 124.0.6367.207 | Out-of-bounds write in V8 JavaScript engine | Critical (High in Chromium) | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Not specified | Resource Leak due to Object Reference Loop | Medium | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Not specified | Race condition in TPM suspension (CVE-2024-53085) | Moderate (CVSS score details not provided) | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Not specified (all versions using the vulnerable cpufreq driver) | cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request() (CVE-2024-50178) | Critical | View or Download | UNDERCODE | 2024-11-27 |
Apple Safari, iOS, iPadOS, macOS Sequoia | All versions before Safari 18.1.1, iOS 17.7.2, iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1, iPadOS 18.1.1, and visionOS 2.1.1 | Code Execution (CVE-2024-44308) | Critical | View or Download | UNDERCODE | 2024-11-27 |
Google Chrome | Prior to 124.0.6367.201 | Use After Free in Visuals | High | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Not specified | Improper Error Handling (remoteproc driver) | Moderate (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Not specified | Uninitialized variable (hdr_len, txbuf_len) | Medium | View or Download | UNDERCODE | 2024-11-27 |
ServiceNow Now Platform | All versions before Xanadu General Availability (vague) | Sandbox Escape (allows remote code execution) | Critical (CVSS score: 9.3) | View or Download | UNDERCODE | 2024-11-27 |
Jenkins | < 0.0.15 | Path Traversal | Moderate | View or Download | UNDERCODE | 2024-11-27 |
Querydsl | Not specified (vulnerable since initial versions) | HQL Injection | Critical | View or Download | UNDERCODE | 2024-11-27 |
Devolutions.XTS.NET | All versions before 2024.11.26 | Timing Attack (CVE-2024-11862) | Moderate | View or Download | UNDERCODE | 2024-11-27 |
Google Chrome | Before 125.0.6422.112 | Type Confusion in V8 JavaScript Engine | View or Download | UNDERCODE | 2024-11-27 | |
Google Chrome | Prior to 128.0.6613.84 (Unaffected versions not specified) | Type Confusion (CVE-2024-7971) | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Not specified | Bounds checking error in snd_soc_dapm_widget_list | Medium | View or Download | UNDERCODE | 2024-11-27 |
Oracle WebCenter Portal (Oracle Fusion Middleware) | 12.2.1.4.0 (affected version) | Unauthorized access (update, insert, delete, read) to some of Oracle WebCenter Portal data | Medium (CVSS v3 score: 4.4) | View or Download | UNDERCODE | 2024-11-27 |
Oracle Agile Product Lifecycle Management for Process | Prior to 6.2.4.2 | Unauthenticated remote code execution | Critical (CVSS 3.1 Base Score: 7.3) | View or Download | UNDERCODE | 2024-11-27 |
MySQL Server | 8.0.35 and prior, 8.2.0 and prior | Server : Security : Firewall | Medium | View or Download | UNDERCODE | 2024-11-27 |
Oracle BI Publisher | 6.4.0.0.0, 7.0.0.0.0 | Unauthorized access (update, insert, delete, read) | Critical (CVSS score: 5.4) | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Unaffected versions not specified (likely all before a patched version is released) | Integer underflow in PLL value checks for Samsung Arbiter 0521 sensor | Critical | View or Download | UNDERCODE | 2024-11-27 |
Oracle Hospitality Simphony (component: Simphony Enterprise Server) | 19.1.0 - 19.5.4 | Easily exploitable via HTTP | Critical (CVSS 3.1 Base Score: 9.9) | View or Download | UNDERCODE | 2024-11-27 |
Oracle MySQL Server | 8.0.36 and prior, 8.3.0 and prior | Information Schema flaw | Critical (CVSS score: 5.3) | View or Download | UNDERCODE | 2024-11-27 |
Oracle WebLogic Server (Core component) | 12.2.1.4.0, 14.1.1.0.0 | Security Feature Bypass | Critical (CVSS 3.1 Base Score: 6.1) | View or Download | UNDERCODE | 2024-11-27 |
Oracle E-Business Suite | 12.2.3 - 12.2.13 | Unauthorized data access | Medium (CVSS 3.1 Base Score: 5.3) | View or Download | UNDERCODE | 2024-11-27 |
Oracle Solaris | 11 | Zone component vulnerability | Critical (CVSS score: 8.2) | View or Download | UNDERCODE | 2024-11-27 |
Oracle MySQL Server | 8.0.35 and prior, 8.2.0 and prior (all versions before these are vulnerable) | Improper handling within the Optimizer component | Critical (CVSS 3.1 Base Score: 4.9) | View or Download | UNDERCODE | 2024-11-27 |
Oracle E-Business Suite | 12.2.3 - 12.2.13 | CVE-2024-20958 | Medium (CVSS 3.1 Base Score: 5.4) | View or Download | UNDERCODE | 2024-11-27 |
Oracle Database Sharding | 19.3-19.22 & 21.3-21.13 | An attacker with DBA privileges and network access can cause a partial denial-of-service (DoS). | Low (CVSS v3 base score: 2.4) | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Not specified | Buffer overflow in video capture when using more than 32 buffers. | Medium (CVSS v3.1: 5.5) | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Unaffected versions not specified (all before 6.11.8 likely vulnerable) | Missing buffer index check in dvb_vb2_expbuf() function | Low (CVSS v3 score not yet available) | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel (Xilinx axienet) | Not specified (affects specific platforms) | Race condition in network transmission | Moderate (CVSS: 5.5) | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Unaffected versions not listed (all potentially vulnerable) | Btrfs reference list handling error in `insert_delayed_ref()` | Low | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Not specified (all versions potentially affected) | Infinite Loop in filemap_read() | Medium (CVSS v3: 5.5) | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Not specified (all versions vulnerable before a fix is applied) | Crash due to invalid pointer access | Medium (CVSS score not yet assigned) | View or Download | UNDERCODE | 2024-11-27 |
Linux Kernel | Not specified | Integer overflow in damon_feed_loop_next_input function | Moderate (CVSS score details might be available elsewhere) | View or Download | UNDERCODE | 2024-11-26 |
Linux Kernel | (Unaffected versions not specified) | Improper IO Mapping Handling | High | View or Download | UNDERCODE | 2024-11-26 |
CRI-O | | Malicious checkpoint file can lead to arbitrary node access | Moderate | View or Download | UNDERCODE | 2024-11-26 |
TCPDF | 6.7.5 | Local File Inclusion (LFI) | Moderate | View or Download | UNDERCODE | 2024-11-26 |
Tungsten Automation Power PDF | All versions (not specified) | Out-of-Bounds Read Remote Code Execution (RCE) in JP2 file parsing | Critical | View or Download | UNDERCODE | 2024-11-26 |
Tungsten Automation Power PDF | All versions (not specified) | JPG File Parsing Out-Of-Bounds Read | Information Disclosure (allows attackers to see sensitive information) | View or Download | UNDERCODE | 2024-11-26 |
Tungsten Automation Power PDF | All | JP2 File Parsing Out-Of-Bounds Read Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-26 |
Tungsten Automation Power PDF | Not specified | Out-of-Bounds Read Information Disclosure | Not officially rated (CVSS information not yet available) | View or Download | UNDERCODE | 2024-11-26 |
WordPress | Sirv plugin up to 7.3.0 | Unauthorized modification of data leading to Denial-of-Service (DoS) | Critical | View or Download | UNDERCODE | 2024-11-26 |
WordPress Restaurant Menu – Food Ordering System Plugin | Up to and including 2.4.2 | Reflected Cross-Site Scripting (XSS) | Medium (CVSS v3: 6.1) | View or Download | UNDERCODE | 2024-11-26 |
WordPress | Contact Form 7 Email Add On plugin <= 1.9 | Local File Inclusion | HIGH | View or Download | UNDERCODE | 2024-11-26 |
WordPress | WooCommerce Product Table Lite plugin versions up to 3.8.6 | Arbitrary Shortcode Execution & Reflected Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-26 |
FastStone Image Viewer | All versions before 7.8 are affected (unspecified in report) | Out-of-Bounds Write in GIF Parsing | Critical (Allows remote code execution) | View or Download | UNDERCODE | 2024-11-26 |
Tungsten Automation Power PDF | (not specified) | Out-of-Bounds Read in PDF Parsing | Information Disclosure (Exploitation likely requires additional vulnerabilities) | View or Download | UNDERCODE | 2024-11-26 |
PDF-XChange Editor (all versions) | Not applicable | Out-of-bounds write during PDF parsing | Critical | View or Download | UNDERCODE | 2024-11-26 |
Perl (Imager package) | Before 1.0.25 | Heap-based buffer overflow | Critical (CVSS details not provided) | View or Download | UNDERCODE | 2024-11-26 |
Ivanti Cloud Services Appliance (CSA) | 4.6 (before Patch 518) | OS Command Injection (CVE-2024-8190) | Critical | View or Download | UNDERCODE | 2024-11-26 |
| | | Use-After-Free leading to Remote Code Execution | Critical (allows attackers to take full control of the system) | View or Download | UNDERCODE | 2024-11-26 |
WordPress | WPGYM <= 67.1.0 | Unauthenticated Arbitrary File Upload | Critical | View or Download | UNDERCODE | 2024-11-26 |
WordPress | WPGYM plugin up to 67.1.0 | Privilege Escalation | Moderate (CVSS score not yet available) | View or Download | UNDERCODE | 2024-11-26 |
AMD EPYC Processors (see below for affected models) | Firmware versions up to (excluding) milanpi_1.0.0.d or genoapi_1.0.0.c (depending on the model) | Details not specified in the excerpt, but likely exploitable by attackers. | Critical (highest severity level) | View or Download | UNDERCODE | 2024-11-26 |
Dell PowerProtect DD | Prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50 | Access Control | Critical | View or Download | UNDERCODE | 2024-11-26 |
IrfanView | All versions (to be confirmed) | Out-of-Bounds Read Remote Code Execution (RCE) in SID file parsing | Critical | View or Download | UNDERCODE | 2024-11-26 |
IBM Watson Query on Cloud Pak for Data, IBM Db2 Big SQL on Cloud Pak for Data | 1.8, 2.0, 2.1, 2.2 (Watson Query), 7.3, 7.4, 7.5, 7.6 (Db2 Big SQL) | Insufficient session expiration | Critical | View or Download | UNDERCODE | 2024-11-26 |
PHP | 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14 | HTTP Request Smuggling (CVE-2024-11234) | Critical | View or Download | UNDERCODE | 2024-11-26 |
Pandora FMS | 700 through <= 777.4 | Command Injection (LDAP Authentication) | MEDIUM | View or Download | UNDERCODE | 2024-11-26 |
WordPress | My Contador lesr plugin <= 2.0 | Unauthenticated Stored Cross-Site Scripting (XSS) | Medium (CVSS: 3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) | View or Download | UNDERCODE | 2024-11-26 |
WordPress | Dino Game - Embed Google Chrome Dinosaur Game plugin versions up to 1.1.0 | Stored Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-26 |
WordPress | Pure CSS Circle Progress Bar plugin <= 1.2 | Stored Cross-Site Scripting (XSS) | Critical (Unauthenticated attackers can inject malicious scripts) | View or Download | UNDERCODE | 2024-11-26 |
WordPress | Up to and including 1.1.6 | Reflected Cross-Site Scripting (XSS) | Medium (CVSS: 6.1) | View or Download | UNDERCODE | 2024-11-26 |
WordPress | Theater for WordPress <= 0.18.6.2 | Reflected Cross-Site Scripting (XSS) | Medium | View or Download | UNDERCODE | 2024-11-26 |
Android | (Not specified) | Local Privilege Escalation through Screen Capture | Critical | View or Download | UNDERCODE | 2024-11-26 |
Zoho ManageEngine Exchange Reporter Plus | 5714 and below | Authenticated SQL injection | Critical | View or Download | UNDERCODE | 2024-11-26 |
Jewel Theme Master Addons for Elementor | All versions up to 2.0.5.4.1 (uncertain about earlier versions) | Missing Authorization | Critical | View or Download | UNDERCODE | 2024-11-26 |
HarmonyOS (based on source) | Not specified | Missing permission check in applyCustomDescription of SaveUi.java | High (Local Information Disclosure) | View or Download | UNDERCODE | 2024-11-26 |
KiviCare | Up to 3.6.2 | Authorization Bypass Through User-Controlled Key | Critical | View or Download | UNDERCODE | 2024-11-26 |
Keycloak Connector Server | < 2.5.5 | Reflected XSS | Moderate | View or Download | UNDERCODE | 2024-11-26 |
sigstore-java | v1.0.0 (patched in v1.1.0) | Incomplete verification in KeylessVerifier.verify() | Critical | View or Download | UNDERCODE | 2024-11-26 |
Android | Not specified (All versions potentially affected) | Confused Deputy in PrintManagerService.java | Medium | View or Download | UNDERCODE | 2024-11-26 |
Qualcomm Snapdragon Firmware | All | CWE-835 (Loop or Recursion Vulnerability) | | View or Download | UNDERCODE | 2024-11-26 |
Qualcomm Multi-mode Call Processor | Not Applicable (Affects All Versions) | Denial-of-Service (DoS) | Medium | View or Download | UNDERCODE | 2024-11-26 |
| | | Unknown (reference to CWE-787 suggests Out-of-bounds Write) | Unknown (severity cannot be determined from this blog post) | View or Download | UNDERCODE | 2024-11-26 |
UkrSolution Barcode Scanner with Inventory & Order Manager | | | Critical | View or Download | UNDERCODE | 2024-11-26 |
Lobe Chat | Before 1.19.13 | Unauthorized SSRF | Critical (CVSS: 9.0) | View or Download | UNDERCODE | 2024-11-26 |
Android | Not specified (all versions potentially affected) | Out-of-bounds write due to missing bounds check | Critical (allows remote code execution) | View or Download | UNDERCODE | 2024-11-26 |
IrfanView | All versions (unaffected versions not specified) | DXF file parsing out-of-bounds read leading to RCE | Critical | View or Download | UNDERCODE | 2024-11-26 |
IrfanView | All versions (unaffected versions not yet identified) | Out-of-bounds read in DXF file parsing leading to RCE | Critical | View or Download | UNDERCODE | 2024-11-26 |
IrfanView | All versions (unaffected version not specified yet) | Out-of-Bounds Read Remote Code Execution (DXF File Parsing) | Critical | View or Download | UNDERCODE | 2024-11-26 |
Centreon | All versions before 22.04.24, 22.10.22, 23.04.18, 23.10.12, and 24.04.0 (not mentioned in the article) | SQL Injection in the updateServiceHost function | Critical (allows remote code execution) | View or Download | UNDERCODE | 2024-11-26 |
Centreon Web | All versions before the fixes mentioned below | SQL Injection leading to Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-26 |
Dell PowerProtect DD | Before 7.7.5.50 | Exposure of Sensitive Information to Unauthorized Actor | Low (CVSS: 3.1) | View or Download | UNDERCODE | 2024-11-26 |
Dell PowerProtect Data Domain | Prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50 | Escalation of Privilege (EoP) | Critical (CVSS score details not provided) | View or Download | UNDERCODE | 2024-11-26 |
Project Worlds Free Download Online Shopping System | All versions up to 192.168.1.88 (unclear if specific to this IP or a version range) | SQL injection | Critical (CVSS score: 5.3 MEDIUM) | View or Download | UNDERCODE | 2024-11-26 |
ManageEngine ADAudit Plus | Below 8121 | SQL Injection (CVE-2024-5608) | Critical (CVSS score: 8.3) | View or Download | UNDERCODE | 2024-11-26 |
emqx Neuron | Up to 2.10.0 | Buffer Overflow | Critical (CVSS v4.0: MEDIUM) | View or Download | UNDERCODE | 2024-11-26 |
E-Health Care System | 1.0 | SQL Injection | Critical | View or Download | UNDERCODE | 2024-11-26 |
GitLab CE/EE | 16.0 to 17.3.6, 17.4 to 17.4.3, 17.5 to 17.5.1 (Fixed in 17.3.7, 17.4.4, 17.5.2) | Unauthorized access to Kubernetes agent (CVE-2024-9693) | High (CVSS score: 8.5) | View or Download | UNDERCODE | 2024-11-26 |
Python | 0.1.13 | Credential Harvesting | High | View or Download | UNDERCODE | 2024-11-25 |
Linux Kernel | Not specified | Out-of-memory access in dvbdev | High (CVSS score not provided) | View or Download | UNDERCODE | 2024-11-25 |
MLflow | Affected versions are not explicitly specified. | Excessive directory permissions | High | View or Download | UNDERCODE | 2024-11-25 |
IrfanView | All versions | Heap-based buffer overflow in JPM file parsing | Critical | View or Download | UNDERCODE | 2024-11-25 |
IrfanView | All versions | DJVU File Parsing Use-After-Free Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-25 |
IrfanView | All | Heap-based Buffer Overflow Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-25 |
| | | PDF File Parsing Out-Of-Bounds Read Information Disclosure | LOW | View or Download | UNDERCODE | 2024-11-25 |
IrfanView | All versions (unaffected versions not yet disclosed) | Out-of-Bounds Read Remote Code Execution (RCE) | Critical | View or Download | UNDERCODE | 2024-11-25 |
IrfanView | All versions | Out-of-Bounds Write in JPM File Parsing | Critical | View or Download | UNDERCODE | 2024-11-25 |
IrfanView | All versions | DXF file parsing memory corruption leading to remote code execution | Critical | View or Download | UNDERCODE | 2024-11-25 |
IrfanView | All versions | Out-of-bounds read during DWG file parsing leading to Remote Code Execution (RCE) | Critical (CVSS score: 7.8) | View or Download | UNDERCODE | 2024-11-25 |
IrfanView | All versions (not specified) | Out-of-bounds write during ARW file parsing | Critical (CVSS score: 7.8) | View or Download | UNDERCODE | 2024-11-25 |
IrfanView | All versions (unaffected versions not specified) | Out-of-bounds write during JPM file parsing (CVE-2024-11517) | Critical (RCE) | View or Download | UNDERCODE | 2024-11-25 |
IrfanView | All versions (unaffected versions not specified yet) | DWG File Parsing Memory Corruption RCE | Critical | View or Download | UNDERCODE | 2024-11-25 |
IrfanView | All versions (unaffected versions not yet identified) | DXF File Parsing Use-After-Free Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-25 |
WordPress | ImagePress – Image Gallery plugin versions up to 1.2.2 (inclusive) | Cross-Site Request Forgery (CSRF) | Medium (CVSS v3 score not provided) | View or Download | UNDERCODE | 2024-11-25 |
IrfanView | All versions | DXF File Parsing Memory Corruption Remote Code Execution | Critical (CVSS: 7.8) | View or Download | UNDERCODE | 2024-11-25 |
Keycloak | 26 and earlier | Denial-of-Service (DoS) | Critical | View or Download | UNDERCODE | 2024-11-25 |
Keycloak | | Denial-of-Service (DoS) | Moderate | View or Download | UNDERCODE | 2024-11-25 |
deno_doc | All versions before a fix is released | Cross-site Scripting (XSS) | Low | View or Download | UNDERCODE | 2024-11-25 |
Keycloak | | Sensitive data exposure | High | View or Download | UNDERCODE | 2024-11-25 |
Dell SmartFabric OS10 Software | 10.5.3.x, 10.5.4.x, 10.5.5.x, 10.5.6.x | Improper Neutralization of Special Elements (Command Injection) | HIGH | View or Download | UNDERCODE | 2024-11-25 |
Keycloak | | Sensitive data exposure during build process | Moderate | View or Download | UNDERCODE | 2024-11-25 |
Keycloak | | Path Traversal | Low | View or Download | UNDERCODE | 2024-11-25 |
Keycloak | | Inefficient Regular Expression Complexity | | View or Download | UNDERCODE | 2024-11-25 |
Xiaomi Router AX9000 | Not specified | Post-authorization Command Injection | MEDIUM (CVSS 3.1 base score: 6.4) | View or Download | UNDERCODE | 2024-11-25 |
IrfanView | All versions (unspecified) | Out-of-Bounds Write during SID File Parsing (Remote Code Execution) | Critical | View or Download | UNDERCODE | 2024-11-25 |
1000 Projects Beauty Parlour Management System | 1.0 | SQL Injection | Critical | View or Download | UNDERCODE | 2024-11-25 |
Tungsten Automation Power PDF | Not specified | JPF File Parsing Out-Of-Bounds Write Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-25 |
IrfanView | All versions (unaffected versions not specified) | WSQ File Parsing Out-Of-Bounds Write Remote Code Execution | Critical | View or Download | UNDERCODE | 2024-11-25 |
Tungsten Automation Power PDF | Not specified | PSD File Parsing Out-Of-Bounds Write Remote Code Execution | Critical (CVSS score not provided, but the description indicates remote attackers can execute arbitrary code) | View or Download | UNDERCODE | 2024-11-25 |
Tungsten Automation Power PDF | Not specified | Stack-based buffer overflow in TIF file parsing | Critical | View or Download | UNDERCODE | 2024-11-25 |
WordPress | HUSKY - Products Filter Professional for WooCommerce plugin versions up to 1.3.6.3 | Reflected Cross-Site Scripting (XSS) | Medium | View or Download | UNDERCODE | 2024-11-25 |
W3speedster | Up to 7.25 | Cross-Site Request Forgery (CSRF) | Critical | View or Download | UNDERCODE | 2024-11-25 |
Vivwebs Dynamic Widgets | Up to 1.6.4 | Cross-Site Request Forgery (CSRF) | Medium (based on CVSS v3.1 score) | View or Download | UNDERCODE | 2024-11-25 |
| | | XSS in error messages | Low (user-controlled input needed in error message) | View or Download | UNDERCODE | 2024-11-25 |
Taurus Multi-Party Signature Library | Not specified | | Critical (both vulnerabilities) | View or Download | UNDERCODE | 2024-11-25 |
Linux Kernel | Not specified (all versions potentially affected) | Race condition in i40e driver | Moderate (CVSS score not provided) | View or Download | UNDERCODE | 2024-11-25 |
lxml (HTML cleaning functionality) | Before 0.4.0 | Improper context handling for special HTML tags (SVG, Math, Noscript) | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-11-25 |
Android | Not specified | Improper Input Validation in CompanionDeviceManagerService.java (CVE-2024-0022) | High | View or Download | UNDERCODE | 2024-11-25 |
Linux Kernel | Not specified | Improper reference count handling for CPU device nodes (RISC-V) | Medium (CVSS v3 base score: 5.5) | View or Download | UNDERCODE | 2024-11-25 |
Linux Kernel | Not specified (likely impacts multiple versions) | Improper resource handling in iwlwifi driver during AP stop/start | Medium (CVSS 3.x Base Score: 5.5) | View or Download | UNDERCODE | 2024-11-25 |
Linux Kernel | Not specified (requires kernel update) | Incorrect NULL vs IS_ERR() check in drm/tegra driver | Low (CVSS v3 Base Score: 5.5) | View or Download | UNDERCODE | 2024-11-25 |
Linux Kernel | Unaffected versions not listed (potentially all before the fix) | Out-of-bounds memory access in virtio_net driver | HIGH (CVSS 3.1 base score: 7.1) | View or Download | UNDERCODE | 2024-11-25 |
emqx neuron | Up to 2.10.0 | Information Disclosure (CVE-2024-10965) | MEDIUM | View or Download | UNDERCODE | 2024-11-23 |
AMTT Hotel Broadband Operation System | Up to 3.0.3.151204 | Cross-site scripting (XSS) | Medium (CVSS score: 5.3) | View or Download | UNDERCODE | 2024-11-23 |
code-projects Task Manager | 1.0 | SQL Injection | Critical | View or Download | UNDERCODE | 2024-11-23 |
Job Recruitment | 1.0 | Cross-site Scripting (XSS) | MEDIUM | View or Download | UNDERCODE | 2024-11-23 |
WordPress Plugin - CTT Expresso para WooCommerce | Up to 3.2.12 (inclusive) | Sensitive Information Exposure | Medium | View or Download | UNDERCODE | 2024-11-23 |
Code4Berry Decoration Management System | 1.0 | Improper Access Control | Critical | View or Download | UNDERCODE | 2024-11-23 |
Dropbox Desktop | All | Mark-of-the-Web Bypass | Critical | View or Download | UNDERCODE | 2024-11-23 |
WordPress | FundEngine plugin versions up to and including 1.7.0 | Privilege Escalation | Critical | View or Download | UNDERCODE | 2024-11-23 |
Code4Berry Decoration Management System | 1.0 | Permission Issues (User Handler - /decoration/admin/userregister.php) | Critical | View or Download | UNDERCODE | 2024-11-23 |
Linux Kernel | Not specified (potentially all versions before the fix) | mctp i2c NULL header address handling | Medium (CVSS score not provided) | View or Download | UNDERCODE | 2024-11-22 |
| | All versions before the fix | Memory Leak | Medium (CVSS score to be determined) | View or Download | UNDERCODE | 2024-11-22 |
Linux Kernel | Not specified | Null pointer dereference in firmware:qcom:scm | Medium (CVSS score not provided) | View or Download | UNDERCODE | 2024-11-22 |
Mbed OS | 6.16.0 | Buffer Overflow (CVE-2024-48982) | Critical | View or Download | UNDERCODE | 2024-11-22 |
Code4Berry Decoration Management System | 1.0 | User Permission Handling Vulnerability (CVE-2024-11486) | Medium | View or Download | UNDERCODE | 2024-11-22 |
Mbed OS | 6.16.0 | Buffer Overflow (CVE-2024-48986) | Critical | View or Download | UNDERCODE | 2024-11-22 |
Tailoring Management System | 1.0 (Unaffected versions not specified) | SQL Injection through /expcatedit.php argument manipulation (id) | Medium (CVSS v4.0 Base Score: 5.3) | View or Download | UNDERCODE | 2024-11-22 |
Code4Berry Decoration Management System | 1.0 | SQL Injection (CVE-2024-11487) | Critical | View or Download | UNDERCODE | 2024-11-22 |
1000 Projects Bookstore Management System | 1.0 | SQL Injection | Critical | View or Download | UNDERCODE | 2024-11-22 |
AVL-DiTEST-DiagDev libdoip | 1.0.0 | Null Pointer Dereference in DoIPConnection::reactOnReceivedTcpMessage | Medium | View or Download | UNDERCODE | 2024-11-22 |
idcCMS | 1.60 | Cross-Site Scripting (XSS) | Medium | View or Download | UNDERCODE | 2024-11-22 |
Linux Kernel | Not specified (all versions with vulnerable bnxt_re driver) | Out-of-bounds memory access | Moderate (CVSS v3 base score: 5.5) | View or Download | UNDERCODE | 2024-11-22 |
smol-toml | <1.3.1 | Stack Overflow | Low | View or Download | UNDERCODE | 2023-11-13 |
Tornado | Prior to 6.4.2 | HTTP Cookie Parsing DoS | High | View or Download | UNDERCODE | 2024-11-22 |
Sentry | All versions before next release | Potential Client ID and Secret exposure in error message | Low | View or Download | UNDERCODE | 2024-11-22 |
UAMQP C library | Unaffected versions not specified | Remote Code Execution (RCE) | Critical (CVSS score likely high) | View or Download | UNDERCODE | 2024-11-22 |
WordPress | Up to and including 1.7.2 | Stored Cross-Site Scripting (XSS) | Medium | View or Download | UNDERCODE | 2024-11-22 |
java_shop | 1.0 | File Upload Vulnerability | Not yet rated by NIST | View or Download | UNDERCODE | 2024-11-22 |
Android | Not specified (all versions before August 2024 patch) | Logic error in OwnersData.java | High | View or Download | UNDERCODE | 2024-11-22 |
LibreNMS | Not specified | Reflected XSS (CVE-2024-51496) | Medium | View or Download | UNDERCODE | 2024-11-22 |
ManageEngine ADAudit Plus | Below 8110 | Authenticated SQL Injection (CVE-2024-36518) | High | View or Download | UNDERCODE | 2024-11-22 |
Zyxel P-6101C ADSL modem | P-6101CSA6AP_20140331 | Improper Authentication | HIGH | View or Download | UNDERCODE | 2024-11-22 |
LibreNMS | All versions before 24.10.0 | Reflected XSS | Critical | View or Download | UNDERCODE | 2024-11-22 |
WordPress | Breakdance versions up to 1.7.2 (inclusive) | Unauthorized Access of Data | Medium | View or Download | UNDERCODE | 2024-11-22 |
java_shop | 1.0 | Incorrect Access Control | Critical (CVSS details not yet available) | View or Download | UNDERCODE | 2024-11-22 |
SourceCodester Student Record Management System | 1.0 | Memory Corruption | Critical | View or Download | UNDERCODE | 2024-11-22 |
Querydsl | 5.1.0 | SQL/HQL Injection | High | View or Download | UNDERCODE | 2024-11-22 |
| | Not specified (versions 3.2.0 through 4.1.3 are vulnerable) | Server-Side Request Forgery (SSRF) | High (CVSS score: 7.5) | View or Download | UNDERCODE | 2024-11-22 |
SFTPGo | All versions | Arbitrary Command Execution | Critical | View or Download | UNDERCODE | 2023-10-24 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High (CVSS Score: 7.8) | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High (CVSS Score: 7.8) | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
Luxion KeyShot | Not specified | Remote Code Execution (RCE) through jt file parsing | Critical (CVSS score: 7.8) | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
Luxion KeyShot | Not specified | Stack overflow due to improper validation in 3DS file parsing | Critical (CVSS score: 7.8) | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution (RCE) | High (CVSS Score: 7.8) | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High (CVSS Score: 7.8) | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High (CVSS Score: 7.8) | View or Download | UNDERCODE | 2024-11-22 |
Adobe InDesign | (not specified) | Information Disclosure | Low | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-18 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High (CVSS Score: 7.8) | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-22 |
Linux Kernel | Not specified | Division by zero error in v4l2-tpg | Medium | View or Download | UNDERCODE | 2024-11-22 |
Linux Kernel | Not specified (all versions potentially affected) | Slab-use-after-free in ksmbd_smb2_session_create | High (CVSS score: 7.8) | View or Download | UNDERCODE | 2024-11-22 |
Linux kernel | Not specified | Slab-use-after-free in smb3_preauth_hash_rsp function | HIGH (CVSS v3 score not provided) | View or Download | UNDERCODE | 2024-11-22 |
Linux Kernel | Not specified (all versions vulnerable before a fix) | SCTP Chunk Size Validation Error (CVE-2024-50299) | Not officially rated by NIST (NVD) yet | View or Download | UNDERCODE | 2024-11-22 |
Linux Kernel | Not specified | Buffer overflow in amdgpu_debugfs_gprwave_read() function | Medium (CVSS v2: 4.6, CVSS v3: 7.8) | View or Download | UNDERCODE | 2024-11-22 |
Linux Kernel | Not specified (all versions potentially affected) | Uninitialized use of regulator_config in rtq2208 driver | High (CVSS score not yet available from NVD) | View or Download | UNDERCODE | 2024-11-22 |
SourceCodester Student Record Management System | 1.0 | Stack-based buffer overflow | Critical | View or Download | UNDERCODE | 2024-11-22 |
Android | Not specified (all versions before March 2024 security patch) | Local Information Disclosure (exercise route data) | High | View or Download | UNDERCODE | 2024-11-22 |
Android | Not specified | Incorrect tag used during device policy serialization (CVE-2024-0047) | High (Potential for DoS) | View or Download | UNDERCODE | 2024-11-22 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-21 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-21 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-21 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High (CVSS Score: 7.8) | View or Download | UNDERCODE | 2024-11-21 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-21 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-21 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-21 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution (RCE) | High (CVSS Score: 7.8) | View or Download | UNDERCODE | 2024-11-21 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High (CVSS Score: 7.8) | View or Download | UNDERCODE | 2024-11-21 |
IrfanView | 4.69 and earlier | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-21 |
IrfanView | Affected versions prior to 4.70 | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-21 |
Linux Kernel | (Not specified in the provided information) | Improper access control in raw_copy_{to,from}_user() functions | Critical (CVSS score not yet available) | View or Download | UNDERCODE | 2024-11-21 |
Linux Kernel | Not specified (all versions potentially affected) | Use-after-free in USB serial io_edgeport code | Medium (CVSS v2 score: 4.6, CVSS v3 score: 7.8) | View or Download | UNDERCODE | 2024-11-21 |
Linux Kernel | All versions before the fix for CVE-2024-50265 are vulnerable. | Null pointer dereference in ocfs2_xa_remove() function | Critical | View or Download | UNDERCODE | 2024-11-21 |
Linux Kernel | (Not specified in the provided information) | Flaw in sch_cake's flow accounting logic | Medium | View or Download | UNDERCODE | 2024-11-21 |
Linux Kernel | Unaffected versions not specified | Use-After-Free in vsock/virtio (CVE-2024-50264) | Critical (CVSS v3 score details not provided) | View or Download | UNDERCODE | 2024-11-21 |
Linux Kernel | Not specified (all versions vulnerable before fix) | Double free of TX skb | Critical | View or Download | UNDERCODE | 2024-11-21 |
Oracle Agile PLM Framework | 9.3.6 | Information Disclosure | HIGH (CVSS Score: 7.5) | View or Download | UNDERCODE | 2024-11-21 |
Opencast | 13 and 14 | Infinite loop with Elasticsearch queries | Critical | View or Download | UNDERCODE | 2024-11-20 |
Litestar | All versions | Denial of Service (DoS) | Critical | View or Download | UNDERCODE | 2024-11-20 |
Microsoft SharePoint Server | Not specified | Remote Code Execution (RCE) | Critical (CVSS score: 7.2) | View or Download | UNDERCODE | 2024-11-20 |
Linux Kernel | Not specified (potential impact on all versions) | Information Disclosure | Low | View or Download | UNDERCODE | 2024-11-20 |
Linux Kernel | Not specified (likely affects multiple versions) | Firmware crash due to invalid peer nss value in association request | Moderate (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-20 |
Qualcomm Multiple Products | Various | Multiple Vulnerabilities | Varies | View or Download | UNDERCODE | 2024-11-20 |
Linux Kernel | Not specified (all versions potentially affected) | io_uring overflow handling flaw | Low | View or Download | UNDERCODE | 2024-11-20 |
Linux Kernel | Not specified | Memory access issue in drm/amd/display code | Moderate (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-20 |
cert-manager | All versions since v0.1.0 | Denial-of-service (DoS) | Medium | View or Download | UNDERCODE | 2024-11-20 |
7-Zip | Affected versions prior to 24.07 | Remote Code Execution | High (CVSS Score: 7.8) | View or Download | UNDERCODE | 2024-11-20 |
N/A | N/A | N/A | N/A | View or Download | UNDERCODE | 2024-11-20 |
Undercoding (mentioned in the article but not a security vulnerability) | N/A (Undercoding is not a security vulnerability) | View or Download | UNDERCODE | 2024-11-20 | ||
Linux Kernel | Not specified (all versions potentially affected) | Race condition in ntfs3 driver | Moderate (CVSS v3 score: 5.5) | View or Download | UNDERCODE | 2024-11-20 |
Qualcomm devices | (not specified) | (not specified) | (not specified) | View or Download | UNDERCODE | 2024-11-20 |
Qualcomm | (see article for specific versions) | Potential Remote Compromise | Critical | View or Download | UNDERCODE | 2024-11-20 |
D-Link DI-8033 | 16.07.26A1 | Buffer Overflow (CVE-2024-52759) | Critical (CVSS v3 score: 9.8) | View or Download | UNDERCODE | 2024-11-20 |
Monoprice Select Mini V2 | V37.115.32 | Improper input validation in printing files | Medium (CVSS 3.x Base Score: 5.5) | View or Download | UNDERCODE | 2024-11-20 |
WordPress Testimonials Widget Plugin | Up to and including 4.0.4 | Stored Cross-Site Scripting (XSS) | Unlisted (CVSS score not provided) | View or Download | UNDERCODE | 2024-11-20 |
Tenda AC6 | v2.0 v15.03.06.50 | Buffer overflow in function "fromSetSysTime" (CVE-2024-52714) | Critical (CVSS v3 score: 9.8) | View or Download | UNDERCODE | 2024-11-20 |
Linux Kernel | Not specified | Integer overflow in drm/amd/display code | Moderate | View or Download | UNDERCODE | 2024-11-20 |
Cosmos SDK | cosmossdk.io/math versions <= math/v1.3.0 | Mismatched bit-length validation in sdk.Int and sdk.Dec | High | View or Download | UNDERCODE | 2024-11-20 |
Moodle | Insecure Direct Object Reference (IDOR) | Moderate | View or Download | UNDERCODE | 2024-11-20 | |
django CMS | Before 4.0 | Cross-site Scripting (XSS) | Moderate | View or Download | UNDERCODE | 2024-11-20 |
Linux Kernel | Not specified (likely affects multiple versions) | Improper synchronization when accessing superblock buffer | Moderate (CVSS v3 base score: 5.5) | View or Download | UNDERCODE | 2024-11-20 |
Linux Kernel | Not specified (potentially all versions with aforementioned configurations enabled) | Out-of-bounds read (based on CVE description) | Medium (according to CVE details, no exploit exists) | View or Download | UNDERCODE | 2024-11-20 |
Buffer overflow in `amdgpu_dm` initialization | Unknown (CVSS score not yet available) | View or Download | UNDERCODE | 2024-11-20 | ||
Cisco Identity Services Engine (ISE) | All versions (at the time of publishing) | Cross-site Scripting (XSS) | Medium (CVSS score: 6.1) | View or Download | UNDERCODE | 2024-11-20 |
Cisco Identity Services Engine (ISE) | All versions (at the time of publication) | Cross-site Scripting (XSS) | MEDIUM | View or Download | UNDERCODE | 2024-11-20 |
Cisco Identity Services Engine (ISE) | All versions (at the time of publication) | Cross-site Scripting (XSS) | MEDIUM | View or Download | UNDERCODE | 2024-11-20 |
Cisco ISE | All versions (at the time of publishing) | XXE (CVE-2024-20531) | MEDIUM (CVSS score: 5.5) | View or Download | UNDERCODE | 2024-11-20 |
Linux Kernel | All versions before 6.11.7 | Null Pointer Dereference (CVE-2024-53050) | Medium | View or Download | UNDERCODE | 2024-11-20 |
Cisco Identity Services Engine (ISE) | All versions (at the time of publication) | Cross-site Scripting (XSS) | MEDIUM | View or Download | UNDERCODE | 2024-11-20 |
Linux kernel | Not specified | Null pointer dereference in `intel_hdcp_get_capability` | Medium (CVSS score not yet available) | View or Download | UNDERCODE | 2024-11-20 |
Anton Hoelstad WP Quick Setup | <= 2.0 | Unrestricted Upload of File with Dangerous Type | Critical | View or Download | UNDERCODE | 2024-11-20 |
Mindstien Technologies My Geo Posts Free | All versions up to 1.2 (inclusive) | Deserialization of Untrusted Data | Critical | View or Download | UNDERCODE | 2024-11-20 |
WordPress Video Robot - The Ultimate Video Importer | All versions up to 1.20.0 | SQL Injection | Critical | View or Download | UNDERCODE | 2024-11-20 |
Lis Video Gallery | Up to 0.2.1 | Deserialization of Untrusted Data | Critical | View or Download | UNDERCODE | 2024-11-20 |
Post SMTP | All versions up to 2.9.9 | SQL Injection | Critical | View or Download | UNDERCODE | 2024-11-20 |
GLPI | All versions before 10.0.17 | Reflected XSS | Medium | View or Download | UNDERCODE | 2024-11-20 |
GLPI | All versions before 10.0.17 | SQL Injection | High (CVSS score: 8.1) | View or Download | UNDERCODE | 2024-11-20 |
code-projects Job Recruitment | 1.0 | SQL Injection | Critical | View or Download | UNDERCODE | 2024-11-20 |
Saso Nikolov Event Tickets with Ticket Scanner | n/a - 2.3.11 | Improper Neutralization of Special Elements Used in a Template Engine | Critical | View or Download | UNDERCODE | 2024-11-20 |
3.1 | Heap-Overflow Vulnerability in DCERPC Protocol | CRITICAL | View or Download | UNDERCODE | 2024-11-20 | |
LibreNMS | All versions before 24.10.0 | Stored Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-20 |
LibreNMS | All versions before 24.10.0 | Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-20 |
Moodle | All versions before 4.5.0-rc2 (unconfirmed) | Improper Authorization | Medium (CVSS v2 score: 5.0, CVSS v3 score: 6.5) | View or Download | UNDERCODE | 2024-11-20 |
LibreNMS | All versions before 24.10.0 | Stored XSS | Medium | View or Download | UNDERCODE | 2024-11-20 |
LibreNMS | Unaffected versions not listed (all versions before 24.10.0 likely vulnerable) | Stored Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-20 |
Moodle | Versions before 4.5.0-rc2 are affected (unclear which specific versions) | Improper Authorization | Medium (CVSS v2 score: 6.4, CVSS v3 score: 4.3) | View or Download | UNDERCODE | 2024-11-20 |
LibreNMS | All versions before 24.10.0 | Stored XSS | Critical | View or Download | UNDERCODE | 2024-11-20 |
Urchenko Drozd – Addons for Elementor | Up to 1.1.1 | Stored XSS (Cross-site Scripting) (CVE-2024-52425) | Medium (CVSS details not specified) | View or Download | UNDERCODE | 2024-11-20 |
Moodle | All versions before 4.1.14, 4.2.11, 4.3.8, 4.4.4 (not exhaustive) | Information Disclosure | Medium | View or Download | UNDERCODE | 2024-11-20 |
WordPress | Linear plugin <= 2.7.11 | Cross-site Scripting (XSS) | Medium (CVSS details not specified) | View or Download | UNDERCODE | 2024-11-20 |
LibreNMS | All versions before 24.10.0 | Stored Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-20 |
LibreNMS | Unaffected versions not listed (all versions before 24.10.0 likely vulnerable) | Stored XSS | Critical | View or Download | UNDERCODE | 2024-11-20 |
LibreNMS | All versions before 24.10.0 | Stored Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-20 |
SourceCodester Online Eyewear Shop | 1.0 | Cross-Site Scripting (XSS) | Medium | View or Download | UNDERCODE | 2024-11-20 |
Windows | SecurID Software Token for Microsoft Windows | Remote Code Execution | High | View or Download | UNDERCODE | 2024-11-19 |
eDrawings Viewer | All versions from SOLIDWORKS 2024 through 2025 (unspecified) | Heap-based buffer overflow and uninitialized variable vulnerabilities in X_B and SAT file parsing | Critical (CVSS: 7.8) | View or Download | UNDERCODE | 2024-11-19 |
1000 Projects Beauty Parlour Management System | 1.0 | SQL Injection | Critical | View or Download | UNDERCODE | 2024-11-19 |
WordPress | WP Activity Log plugin versions up to 5.2.1 | Stored Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-19 |
GLPI | All versions before 10.0.17 (vulnerable) | Access Control Bypass (CVE-2024-45611) | Medium | View or Download | UNDERCODE | 2024-11-19 |
WordPress | Tripetto plugin versions up to 8.0.3 | Stored Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-19 |
1000 Projects Beauty Parlour Management System | 1.0 | SQL Injection | Critical | View or Download | UNDERCODE | 2024-11-19 |
1000 Projects Portfolio Management System MCA | 1.0 | SQL injection | Critical | View or Download | UNDERCODE | 2024-11-19 |
Farmacia | 1.0 (all versions likely affected) | Cross-Site Scripting (XSS) | Medium | View or Download | UNDERCODE | 2024-11-19 |
Adobe Audition | 23.6.9, 24.4.6 and earlier | Out-of-bounds read vulnerability | Medium (CVSS: 5.5) | View or Download | UNDERCODE | 2024-11-19 |
Microsoft VHDX | (Not specified) | Denial-of-Service (DoS) | Medium (CVSS score: 5.9) | View or Download | UNDERCODE | 2024-11-19 |
GLPI | All versions before 10.0.17 | Reflected XSS (CVE-2024-45609) | Medium (CVSS v3.1 score: 6.5) - Though some sources list it as High (CVSS v2 score: 7.8) | View or Download | UNDERCODE | 2024-11-19 |
WordPress | Up to and including 2.5.7 | Stored Cross-Site Scripting (XSS) | Medium | View or Download | UNDERCODE | 2024-11-19 |
Windows | Not specified | Elevation of Privilege in USB Video Class System Driver | MEDIUM (CVSS score: 6.8) | View or Download | UNDERCODE | 2024-11-19 |
Windows SMBv3 Server | (not specified in this article) | Remote Code Execution (RCE) | High (CVSS score: 8.1) | View or Download | UNDERCODE | 2024-11-19 |
GLPI | All versions before 10.0.17 | Reflected Cross-Site Scripting (XSS) | Pending analysis by NIST | View or Download | UNDERCODE | 2024-11-19 |
WordPress Plugin (The Music Player for Elementor) | All versions up to 2.4.1 | Unauthorized modification of data (CVE-2024-10582) | Critical | View or Download | UNDERCODE | 2024-11-19 |
Remote Code Execution | High (CVSS score: 8.8) | View or Download | UNDERCODE | 2024-11-19 | ||
Ceph RGW (civetweb) | Not specified | Multiple connection establishment to exhaust file descriptors | Denial-of-Service (DoS) | View or Download | UNDERCODE | 2024-11-19 |
Intel Server Board M10JNP2SB Family (exact versions not specified) | Not specified | Improper input validation in UEFI firmware | High (CVSS score: 7.5 - 8.7 depending on the version of CVSS used) | View or Download | UNDERCODE | 2024-11-19 |
Windows Registry Elevation of Privilege Vulnerability | HIGH (CVSS score: 7.5) | View or Download | UNDERCODE | 2024-11-19 | ||
ImageMagick, GraphicsMagick | Before 1.3.24 (both platforms) | Arbitrary Code Execution | Not specified (CVSS score likely available elsewhere) | View or Download | UNDERCODE | 2024-11-19 |
ImageMagick | Not specified (versions before the fix are vulnerable) | Out-of-bounds write via PDB file | Medium (CVSS v3 score: 6.5) | View or Download | UNDERCODE | 2024-11-19 |
LittleCMS (lcms or liblcms) | Before 1.18beta2 | Multiple integer overflows | High (CVSS v2 score: 9.3) | View or Download | UNDERCODE | 2024-11-19 |
.NET Core | 9.0 | Denial of Service (DoS) | High (CVSS v3 base score: 7.5) | View or Download | UNDERCODE | 2024-11-19 |
tsMuxer | nightly-2024-05-12-02-01-18 (specific version only) | Heap-based buffer under-read | Not specified (CVSS score not provided) | View or Download | UNDERCODE | 2024-11-19 |
Improper Access Control in UEFI firmware | Not yet analyzed by NVD | View or Download | UNDERCODE | 2024-11-19 | ||
GentleSource Appointmind | All versions before 4.0.0 | Cross-Site Request Forgery (CSRF) leading to Stored XSS | High (based on CVE details) | View or Download | UNDERCODE | 2024-11-19 |
rclone | v1.68.1 | Insecure Handling of Symlinks | High | View or Download | UNDERCODE | 2024-11-19 |
Siemens Tecnomatix Plant Simulation | All versions before V2302.0018 and V2404.0007 | Out-of-bounds read vulnerability in WRL file parsing | High (CVSS v3.1 score: 7.8) | View or Download | UNDERCODE | 2024-11-19 |
Siemens Tecnomatix Plant Simulation | (not specified) | Remote Code Execution (RCE) through WRL file parsing | High (CVSS v3 score: 7.8) | View or Download | UNDERCODE | 2024-11-19 |
Siemens Tecnomatix Plant Simulation | Not specified | Remote Code Execution (RCE) through WRL file parsing | View or Download | UNDERCODE | 2024-11-19 | |
Cesanta Mongoose Web Server | 7.14 | Use of Out-of-range Pointer Offset | Medium | View or Download | UNDERCODE | 2024-11-19 |
Cesanta Mongoose Web Server | 7.14 | Improper Neutralization of Delimiters | Medium (CVSS 3.1 score: 4.0) | View or Download | UNDERCODE | 2024-11-19 |
Cesanta Mongoose Web Server | v7.14 | Out-of-range Pointer Offset | Medium | View or Download | UNDERCODE | 2024-11-19 |
Cesanta Mongoose Web Server | 7.14 | Use of Out-of-range Pointer Offset | Medium | View or Download | UNDERCODE | 2024-11-19 |
Cesanta Mongoose Web Server | 7.14 | Use of Out-of-range Pointer Offset | High (CVSS Score: 8.5) | View or Download | UNDERCODE | 2024-11-19 |
EyouCMS | 1.51 | Path Traversal | Medium | View or Download | UNDERCODE | 2024-11-19 |
Cesanta Mongoose Web Server | 7.14 | Integer Overflow or Wraparound | High (CVSS v2 score: 7.8, CVSS v3 score: 7.5) | View or Download | UNDERCODE | 2024-11-19 |
Craft CMS | Prior to 4.12.2 and 5.4.3 | Remote Code Execution (RCE) via Twig Server-Side Template Injection (SSTI) | High | View or Download | UNDERCODE | 2024-11-19 |
Cesanta Mongoose Web Server | 7.14 | Improper Neutralization of Delimiters | Medium | View or Download | UNDERCODE | 2024-11-19 |
Cesanta Mongoose Web Server | 7.14 | Use of Out-of-range Pointer Offset | Medium (CVSS score: 4.3) | View or Download | UNDERCODE | 2024-11-19 |
Craft CMS | All versions before 5.4.9 and 4.12.8 | Information Disclosure | High | View or Download | UNDERCODE | 2024-11-19 |
Apache Kafka | 2.3.0 - 3.5.2, 3.6.2, 3.7.0 | Improper Privilege Management | High | View or Download | UNDERCODE | 2023-10-17 |
Linux kernel | Not specified (likely affects multiple versions) | Unbalanced locking in pc_clock_settime() | Moderate (CVSS v3: 5.5, CVSS v4: 6.8) | View or Download | UNDERCODE | 2024-11-19 |
ImageMagick | Not specified | Denial-of-Service (DoS) via crafted PSD file | Medium (CVSS score: 6.5) | View or Download | UNDERCODE | 2024-11-19 |
Security Center application (vendor not specified) | All versions (not specified) | HTML Injection | Medium (CVSS 3.x Base Score: 5.9) | View or Download | UNDERCODE | 2024-11-19 |
Linux Kernel | Not specified | Namespace copy issue (rbtree removal) | Not provided (CVSS details likely missing from provided text) | View or Download | UNDERCODE | 2024-11-19 |
Linux Kernel | Not specified | Memory Corruption in RDMA/bnxt_re driver | Not specified (CVSS score not provided) | View or Download | UNDERCODE | 2024-11-19 |
Linux kernel | Not specified | Improper locking during sub buffer order change (CVE-2024-50207) | Medium (CVSS score not explicitly mentioned) | View or Download | UNDERCODE | 2024-11-19 |
WordPress | Royal Elementor Addons and Templates plugin versions up to 1.7.1001 | Stored Cross-Site Scripting (XSS) | Medium (CVSS 3.1 Base Score: 6.4) | View or Download | UNDERCODE | 2024-11-19 |
OpenEMR | 7.0.1 | Stored XSS | High (CVSS score not yet available) | View or Download | UNDERCODE | 2024-11-19 |
VK All in One Expansion Unit | Prior to 9.100.1.0 | Cross-site scripting (XSS) | Medium (CVSS v3 score: 4.8) | View or Download | UNDERCODE | 2024-11-19 |
Linux Kernel | Not specified (potentially all versions using nilfs2) | Improper Error Handling in nilfs2 | Not yet assigned a CVSS score (as of November 19, 2024) | View or Download | UNDERCODE | 2024-11-19 |
WordPress | AFI plugin up to and including 1.92.0 | Reflected Cross-Site Scripting (XSS) | Medium (CVSS not yet analyzed) | View or Download | UNDERCODE | 2024-11-19 |
WordPress | Royal Elementor Addons and Templates plugin versions up to 1.7.1001 | Stored Cross-Site Scripting (XSS) | Medium | View or Download | UNDERCODE | 2024-11-19 |
calibre-web | Not specified | Cross-site Scripting (XSS) | Medium | View or Download | UNDERCODE | 2024-11-19 |
WordPress | Up to 2.9.5 | Local File Inclusion (LFI) | Critical (CVSS 3.x Base Score: 9.8) | View or Download | UNDERCODE | 2024-11-19 |
WordPress | MultiManager WP – Manage All Your WordPress Sites Easily plugin (up to 1.0.5) | Authentication Bypass | Critical | View or Download | UNDERCODE | 2024-11-19 |
WordPress | Royal Elementor Addons and Templates plugin versions up to 1.7.1001 | Stored Cross-Site Scripting (XSS) | Medium | View or Download | UNDERCODE | 2024-11-19 |
Thunderbird | < 128.4.3 and < 132.0.1 | Disclosure of plaintext in OpenPGP encrypted messages | Not specified (CVSS score likely available elsewhere) | View or Download | UNDERCODE | 2024-11-19 |
Dolibarr | Versions before 'develop' branch | Improper Authorization | Medium | View or Download | UNDERCODE | 2024-11-19 |
Harbor | Unaffected versions not specified (all versions before 2.5.2 likely vulnerable) | Improper Authorization | Not available in provided resources | View or Download | UNDERCODE | 2024-11-19 |
calibre-web | Unknown | Improper Access Control | Low | View or Download | UNDERCODE | 2024-11-19 |
Harbor | Not specified | Improper Authorization | High (CVSS: 7.4) | View or Download | UNDERCODE | 2024-11-19 |
SourceCodester Best Employee Management System | 1.0 | SQL Injection | Medium | View or Download | UNDERCODE | 2024-11-19 |
Harbor | 1.0 through 1.10.12, 2.0 through 2.4.2 and 2.5 through 2.5.1 (all versions before the fix) | Improper Authorization | High | View or Download | UNDERCODE | 2024-11-19 |
Harbor | (Unaffected versions not specified) | Insecure Direct Object Reference (IDOR) - CVE-2022-31667 | High (CVSS details not yet available) | View or Download | UNDERCODE | 2024-11-19 |
PHPGurukul User Registration & Login and User Management System | 3.2 | Reflected Cross-Site Scripting (XSS) | Not officially rated, but likely medium based on similar vulnerabilities. | View or Download | UNDERCODE | 2024-11-19 |
Harbor | All versions before 2.5.2 | Insecure Direct Object Reference (IDOR) | High | View or Download | UNDERCODE | 2024-11-19 |
SourceCodester Best Employee Management System | 1.0 (all versions likely affected) | SQL Injection | Medium (CVSS v3: 5.1) | View or Download | UNDERCODE | 2024-11-19 |
VIWIS LMS | 9.11 | Missing Authorization in Print Handler | Critical | View or Download | UNDERCODE | 2024-11-19 |
phpipam | All versions before 1.4.7 | Cross-Site Scripting (XSS) | Low | View or Download | UNDERCODE | 2024-11-19 |
WordPress (Hoo Addons for Elementor plugin) | Up to 1.0.6 | Cross-Site Scripting (XSS) | Not yet determined (CVSS information is undergoing analysis) | View or Download | UNDERCODE | 2024-11-18 |
Kashipara E-learning Management System Project | 1.0 | SQL Injection | Critical (CVSS v3 score: 9.8) | View or Download | UNDERCODE | 2024-11-18 |
Windows | Multiple versions | Elevation of Privilege | High | View or Download | UNDERCODE | 2024-11-18 |
NTLM Hash Disclosure Spoofing Vulnerability (CVE-2024-43451) | Medium (CVSS score: 6.5) | View or Download | UNDERCODE | 2024-11-18 | ||
Palo Alto Networks Expedition | Not specified | SQL Injection (CVE-2024-9465) | Critical (CVSS score: 9.2) | View or Download | UNDERCODE | 2024-11-18 |
Nostromo nhttpd | <= 1.9.6 | Directory Traversal | Critical (Remote Code Execution) | View or Download | UNDERCODE | 2024-11-18 |
PTZOptics PT30X-SDI/NDI-xx | Before 6.3.40 | Insufficient Authentication (CVE-2024-8956) | Critical (CVSS Score: 9.1) | View or Download | UNDERCODE | 2024-11-18 |
Palo Alto Networks Expedition | All versions before 1.2.96 (including 1.2.0) | OS Command Injection | CRITICAL (CVSS score: 9.9) | View or Download | UNDERCODE | 2024-11-18 |
Roundcube Webmail | Before 1.5.7 and 1.6.x before 1.6.7 | XSS via SVG animate attributes | Medium (CVSS score: 6.1) | View or Download | UNDERCODE | 2024-11-18 |
PTZOptics PT30X-SDI/NDI-xx | Before 6.3.40 | OS Command Injection (CVE-2024-8957) | HIGH (CVSS: 7.2) | View or Download | UNDERCODE | 2024-11-18 |
9.0.0.M30 | Deserialization of untrusted data vulnerability | CRITICAL | View or Download | UNDERCODE | 2024-11-18 | |
Metabase | < 0.40.5 and < 1.40.5 | Local File Inclusion (LFI) | CRITICAL | View or Download | UNDERCODE | 2023-11-28 |
Windows Kernel | All | Elevation of Privilege | HIGH | View or Download | UNDERCODE | 2024-11-18 |
Palo Alto Networks Expedition | All versions before 1.2.92 | Missing Authentication | CRITICAL (CVSS Score: 9.3) | View or Download | UNDERCODE | 2024-11-18 |
ScienceLogic SL1 (formerly EM7) | All versions before 12.1.3, 12.2.3, and 12.3+ | Remote Code Execution (RCE) due to unspecified third-party component vulnerability (CVE-2024-9537) | CRITICAL (CVSS v2: 9.8, CVSS v3: 9.3) | View or Download | UNDERCODE | 2024-11-18 |
Ravpn | Multiple versions affected | Remote Access VPN (RAVPN) Service Denial of Service (DoS) Vulnerability | MEDIUM | View or Download | UNDERCODE | 2024-11-18 |
Jira | Critical | View or Download | UNDERCODE | 2024-11-18 | ||
Spring MVC | Vulnerable versions | DoS | Moderate | View or Download | UNDERCODE | 2024-11-19 |
Apache Tomcat | 11.0.0-M23 through 11.0.0-M26, 10.1.27 through 10.1.30, 9.0.92 through 9.0.95 | Request and/or response mix-up | Moderate | View or Download | UNDERCODE | 2024-11-19 |
Rust crate `sharks` | Affected versions | Shamir Secret Sharing bias | Medium | View or Download | UNDERCODE | 2024-11-19 |
django CMS | 3.11.7, 3.11.8, 4.1.2, 4.1.3 | Cross-Site Scripting (XSS) | Critical | View or Download | UNDERCODE | 2024-11-19 |
aiohttp | (Affected versions) | Memory Leak | Moderate | View or Download | UNDERCODE | 2024-11-19 |
PhpSpreadsheet | All versions before 1.9.4, 2.1.3, 2.3.2, and 3.4.0 | XXE (XML External Entity) | High | View or Download | UNDERCODE | 2024-11-19 |
Moodle | IDOR (Insecure Direct Object Reference) | Moderate | View or Download | UNDERCODE | 2024-11-19 | |
Debezium database connector | [Specific version affected] | Script injection | Moderate | View or Download | UNDERCODE | 2024-11-19 |
< v2.10.2 | Multiple Command Injection Vulnerabilities | Medium | View or Download | UNDERCODE | 2024-11-19 | |
Moodle | IDOR | Moderate | View or Download | UNDERCODE | 2024-11-19 | |
Cobbler | 3.0.0 - 3.2.2 / 3.3.6 (all prior to 3.2.3 and 3.3.7) | Improper Authentication | Critical | View or Download | UNDERCODE | 2024-11-19 |
Moodle | Unauthorized deletion of report audiences | Moderate | View or Download | UNDERCODE | 2024-11-19 | |
Undertow | Incorrect Cookie Parsing | High | View or Download | UNDERCODE | 2024-11-19 | |
Graylog | 6.1.0, 6.1.1 | Concurrent PDF report rendering information leakage | High | View or Download | UNDERCODE | 2024-11-19 |
PhpSpreadsheet | = 2.0.0 = 2.2.0 = 3.3.0 < 3.4.0 | XXE (XML External Entity) | High | View or Download | UNDERCODE | 2024-11-19 |
LibreNMS | (Unaffected versions to be filled by official source) | Stored XSS | Critical | View or Download | UNDERCODE | 2024-11-19 |
aiohttp | Vulnerable versions | Request Smuggling | Moderate | View or Download | UNDERCODE | 2024-11-19 |
Regular Expression Denial of Service (ReDoS) | Low | View or Download | UNDERCODE | 2024-11-19 | ||
OpenStack | [Specific Version Affected] | Improper Deletion of Access Rules | Moderate | View or Download | UNDERCODE | 2024-11-19 |
Elevation of Privilege in Secure Kernel Mode | Medium (CVSS v3.1 base score: 6.7) | View or Download | UNDERCODE | 2024-11-19 | ||
Elevation of Privilege | Medium (CVSS score: 6.8) | View or Download | UNDERCODE | 2024-11-19 | ||
Elevation of Privilege in DWM Core Library | HIGH (CVSS 3.1 base score: 7.8) | View or Download | UNDERCODE | 2024-11-19 | ||
Windows | Not specified (all Windows versions with Kerberos are likely vulnerable) | Remote Code Execution (RCE) | Critical (CVSS 3.x score: 9.8) | View or Download | UNDERCODE | 2024-11-19 |
Windows (affected versions not specified) | Not specified | Elevation of Privilege in USB Video Class System Driver | Medium (CVSS v3 score: 6.8) | View or Download | UNDERCODE | 2024-11-19 |
Windows | (not specified) | Windows Registry Elevation of Privilege | HIGH (CVSS v3 score: 7.8) | View or Download | UNDERCODE | 2024-11-19 |
TorchGeo (exact platform unspecified) | Unknown | Remote Code Execution (RCE) | HIGH (CVSS score: 8.1) | View or Download | UNDERCODE | 2024-11-19 |
Client-Side Caching Elevation of Privilege | HIGH (CVSS v3 score: 7.8) | View or Download | UNDERCODE | 2024-11-19 | ||
Win32k Elevation of Privilege Vulnerability | HIGH (CVSS v3.1 base score: 7.8) | View or Download | UNDERCODE | 2024-11-19 | ||
Windows Kernel | Not specified | Elevation of Privilege | HIGH (CVSS v3 score: 7.8) | View or Download | UNDERCODE | 2024-11-19 |
Secure Kernel Mode Elevation of Privilege | Medium (CVSS v3 score: 6.7) | View or Download | UNDERCODE | 2024-11-19 | ||
Microsoft PC Manager | (not specified in available information) | Elevation of Privilege | High (CVSS 3.1: 7.8) | View or Download | UNDERCODE | 2024-11-19 |
Windows Telephony Service | (Not specified) | Remote Code Execution (RCE) | High (CVSS 3.x Base Score: 8.8) | View or Download | UNDERCODE | 2024-11-19 |
Microsoft Hyper-V | (not specified in available information) | Denial of Service (DoS) | Medium (CVSS 3.1 base score: 6.5) | View or Download | UNDERCODE | 2024-11-19 |
Moodle | < 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4 | IDOR (Insecure Direct Object Reference) | Moderate | View or Download | UNDERCODE | 2024-11-19 |
Moodle | < 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4 | IDOR (Insecure Direct Object Reference) | Moderate | View or Download | UNDERCODE | 2024-11-19 |
Moodle | < 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4 | IDOR (Insecure Direct Object Reference) | Moderate | View or Download | UNDERCODE | 2024-11-19 |
Moodle | < 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4 | IDOR (Insecure Direct Object Reference) | Moderate | View or Download | UNDERCODE | 2024-11-19 |
Moodle | < 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4 | IDOR (Insecure Direct Object Reference) | Moderate | View or Download | UNDERCODE | 2024-11-19 |
Moodle | < 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4 | IDOR (Insecure Direct Object Reference) | Moderate | View or Download | UNDERCODE | 2024-11-19 |
Moodle | < 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4 | IDOR (Insecure Direct Object Reference) | Moderate | View or Download | UNDERCODE | 2024-11-19 |
Moodle | < 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4 | IDOR (Insecure Direct Object Reference) | Moderate | View or Download | UNDERCODE | 2024-11-19 |
Moodle | < 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4 | IDOR (Insecure Direct Object Reference) | Moderate | View or Download | UNDERCODE | 2024-11-19 |
Moodle | < 4.1.14, >= 4.2.0, < 4.2.11, >= 4.3.0, < 4.3.8, >= 4.4.0, < 4.4.4 | IDOR (Insecure Direct Object Reference) | Moderate | View or Download | UNDERCODE | 2024-11-19 |
Apple Products (tvOS, visionOS, Safari, watchOS, iOS, iPadOS, macOS) | Not applicable (fixed in specific versions) | URL protocol handling issue allowing potential web content restriction bypass | Medium (CVSS v2: 5.5, CVSS v3 details not provided) | View or Download | UNDERCODE | 2024-11-19 |
Hugging Face Transformers | Affected versions | Remote Code Execution | Critical (CVSS 8.8) | View or Download | UNDERCODE | 2024-11-19 |
Android | Not specified | Out-of-bounds write in PMRWritePMPageList function (pmr.c) | High (Local Privilege Escalation) | View or Download | UNDERCODE | 2024-11-19 |
Gogs | <= 0.12.7 | Remote Command Execution | Medium | View or Download | UNDERCODE | 2024-11-19 |
usememos/memos | 0.9.1 (Vulnerable) | Stored XSS | Critical | View or Download | UNDERCODE | 2024-11-19 |
Wallabag | 2.5.2 | CSRF | Not specified in the provided information | View or Download | UNDERCODE | 2024-11-19 |