
CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: September 13, 2024. 03:00:39 UTC


| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-30131 | An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. | September 12, 2024. 21:35:00 | [www.bramfitt-tech-labs.com] |
| CVE-2024-41629 | An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials. | September 12, 2024. 21:35:00 | [seclists.org] |
| CVE-2024-8695 | A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. | September 12, 2024. 21:35:00 | [docs.docker.com] |
| CVE-2024-8696 | A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. | September 12, 2024. 21:35:00 | [docs.docker.com] |
| CVE-2024-25270 | An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data. | September 12, 2024. 21:35:00 | [github.com] |
| CVE-2024-34334 | ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function. | September 12, 2024. 21:35:00 | [foss-online.com][ordat.com] |
| CVE-2024-34335 | ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page. | September 12, 2024. 21:35:00 | [foss-online.com][ordat.com] |
| CVE-2020-24061 | Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script. | September 12, 2024. 21:35:00 | [medium.com][github.com] |
| CVE-2024-20430 | A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. | September 12, 2024. 21:34:00 | [sec.cloudapps.cisco.com] |
| CVE-2024-44459 | A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption. | September 12, 2024. 21:34:00 | [github.com] |
| CVE-2024-44460 | An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS). | September 12, 2024. 21:34:00 | [github.com] |
| CVE-2024-45607 | whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone using the post or verifyRequestSignature methods to handle messages is impacted. This vulnerability is fixed in 4.0.3. | September 12, 2024. 21:34:00 | [github.com][github.com] |
| CVE-2024-6077 | A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover. | September 12, 2024. 21:34:00 | [www.rockwellautomation.com] |
| CVE-2024-8533 | A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges. | September 12, 2024. 21:34:00 | [www.rockwellautomation.com] |
| CVE-2024-7889 | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. | September 11, 2024. 23:15:00 | [support.citrix.com] |
| CVE-2024-7890 | Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows. | September 11, 2024. 23:15:00 | [support.citrix.com] |
| CVE-2024-8705 | A vulnerability was found in Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 and classified as critical. Affected by this issue is the function GetDataKindByType of the file /DataSrvs/UCCGSrv.asmx. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | September 11, 2024. 23:15:00 | [vuldb.com][vuldb.com] |
| CVE-2024-0874 | A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching. | September 11, 2024. 22:15:00 | [access.redhat.com][bugzilla.redhat.com] |
| CVE-2023-46347 | In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | September 11, 2024. 21:35:00 | [security.friendsofpresta.org] |
| CVE-2023-51084 | hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method. | September 11, 2024. 21:35:00 | [github.com] |

