CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: September 13, 2024. 03:00:39 UTC
ID | Description | Modified | References |
---|---|---|---|
CVE-2023-30131 | An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. | September 12, 2024. 21:35:00 | [www.bramfitt-tech-labs.com] |
CVE-2024-41629 | An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials | September 12, 2024. 21:35:00 | [seclists.org] |
CVE-2024-8695 | A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. | September 12, 2024. 21:35:00 | [docs.docker.com] |
CVE-2024-8696 | A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. | September 12, 2024. 21:35:00 | [docs.docker.com] |
CVE-2024-25270 | An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data. | September 12, 2024. 21:35:00 | [github.com] |
CVE-2024-34334 | ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function. | September 12, 2024. 21:35:00 | [foss-online.com][ordat.com] |
CVE-2024-34335 | ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page. | September 12, 2024. 21:35:00 | [foss-online.com][ordat.com] |
CVE-2020-24061 | Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script | September 12, 2024. 21:35:00 | [medium.com][github.com] |
CVE-2024-20430 | A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. | September 12, 2024. 21:34:00 | [sec.cloudapps.cisco.com] |
CVE-2024-44459 | A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption. | September 12, 2024. 21:34:00 | [github.com] |
CVE-2024-44460 | An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS). | September 12, 2024. 21:34:00 | [github.com] |
CVE-2024-45607 | whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature methods to handle messages is impacted. This vulnerability is fixed in 4.0.3. | September 12, 2024. 21:34:00 | [github.com][github.com] |
CVE-2024-6077 | A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover. | September 12, 2024. 21:34:00 | [www.rockwellautomation.com] |
CVE-2024-8533 | A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges. | September 12, 2024. 21:34:00 | [www.rockwellautomation.com] |
CVE-2024-7889 | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | September 11, 2024. 23:15:00 | [support.citrix.com] |
CVE-2024-7890 | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | September 11, 2024. 23:15:00 | [support.citrix.com] |
CVE-2024-8705 | A vulnerability was found in Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 and classified as critical. Affected by this issue is the function GetDataKindByType of the file /DataSrvs/UCCGSrv.asmx. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | September 11, 2024. 23:15:00 | [vuldb.com][vuldb.com] |
CVE-2024-0874 | A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching. | September 11, 2024. 22:15:00 | [access.redhat.com][bugzilla.redhat.com] |
CVE-2023-46347 | In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | September 11, 2024. 21:35:00 | [security.friendsofpresta.org] |
CVE-2023-51084 | hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method. | September 11, 2024. 21:35:00 | [github.com] |