CVE-2024-50572 (v3: 7.2) 12 Nov 2024
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK610... Read more ➔
CVE-2024-52004 8 Nov 2024
MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities t... Read more ➔
CVE-2024-50340 6 Nov 2024
symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc`... Read more ➔
CVE-2024-49381 25 Oct 2024
Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to a... Read more ➔
CVE-2024-49380 25 Oct 2024
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an a... Read more ➔
CVE-2024-48927 22 Oct 2024
Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x... Read more ➔
CVE-2024-47180 26 Sep 2024
Shields.io is a service for concise, consistent, and legible badges in SVG and raster format. Shields.io and users self-hosting their own instance of... Read more ➔
CVE-2024-46997 23 Sep 2024
DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a car... Read more ➔
CVE-2024-46983 20 Sep 2024
sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to rest... Read more ➔
CVE-2024-46986 18 Sep 2024
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the uplo... Read more ➔
CVE-2024-43393 (v3: 6.5) 10 Sep 2024
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network acces... Read more ➔
CVE-2024-43392 (v3: 6.5) 10 Sep 2024
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network acces... Read more ➔
CVE-2024-43391 (v3: 6.5) 10 Sep 2024
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network acces... Read more ➔
CVE-2024-43390 (v3: 6.5) 10 Sep 2024
A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW_NAT.IN_... Read more ➔
CVE-2024-43389 10 Sep 2024
A low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY en... Read more ➔
CVE-2024-43388 (v3: 8.8) 10 Sep 2024
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation. Read more ➔
CVE-2024-8367 1 Sep 2024
A vulnerability was found in HM Courts & Tribunals Service Probate Back Office up to c1afe0cdb2b2766d9e24872c4e827f8b82a6cd31. It has been classif... Read more ➔
CVE-2024-26020 (v3: 9.6) 22 Jul 2024
An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbit... Read more ➔
CVE-2024-39863 17 Jul 2024
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider.... Read more ➔
CVE-2024-38700 12 Jul 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in realmag777 WPCS allows Code Inject... Read more ➔
CVE-2024-36522 12 Jul 2024
The default configuration of XSLTResourceStream.java is vulnerable to remote code execution via XSLT injection when processing input from an untrusted... Read more ➔
CVE-2024-37442 9 Jul 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Photo Gallery Team Photo Gallery b... Read more ➔
CVE-2024-37253 9 Jul 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in WpDirectoryKit WP Directory Kit al... Read more ➔
CVE-2024-35777 9 Jul 2024
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Cont... Read more ➔
CVE-2024-6470 3 Jul 2024
A vulnerability was found in playSMS 1.4.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.... Read more ➔