
CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: May 9, 2024. 07:20:31 UTC


| ID | Description | Modified | References |
| --- | --- | --- | --- |
| CVE-2024-25560 | When BIG-IP AFM is licensed and provisioned, undisclosed DNS traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 8, 2024. 17:05:00 | [my.f5.com] |
| CVE-2024-26026 | An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 8, 2024. 17:05:00 | [my.f5.com] |
| CVE-2024-27202 | A DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 8, 2024. 17:05:00 | [my.f5.com] |
| CVE-2024-30459 | Missing Authorization vulnerability in AIpost AI WP Writer. This issue affects AI WP Writer: from n/a through 3.6.5. | May 8, 2024. 17:05:00 | [patchstack.com] |
| CVE-2024-33574 | Missing Authorization vulnerability in appsbd Vitepos. This issue affects Vitepos: from n/a through 3.0.1. | May 8, 2024. 17:05:00 | [patchstack.com] |
| CVE-2024-4650 | A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263494 is the identifier assigned to this vulnerability. | May 8, 2024. 17:05:00 | [vuldb.com][vuldb.com] |
| CVE-2024-22460 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. | May 8, 2024. 17:05:00 | [www.dell.com] |
| CVE-2024-24787 | On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. | May 8, 2024. 17:05:00 | [go.dev][go.dev] |
| CVE-2024-24788 | A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | May 8, 2024. 17:05:00 | [go.dev][go.dev] |
| CVE-2024-24908 | Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to deletion of arbitrary files stored on the server filesystem. | May 8, 2024. 17:05:00 | [www.dell.com] |
| CVE-2024-25527 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. | May 8, 2024. 17:05:00 | [gist.github.com] |
| CVE-2024-25529 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /WorkFlow/wf_office_file_history_show.aspx. | May 8, 2024. 17:05:00 | [gist.github.com] |
| CVE-2024-25530 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. | May 8, 2024. 17:05:00 | [gist.github.com] |
| CVE-2024-25531 | RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. | May 8, 2024. 17:05:00 | [gist.github.com] |
| CVE-2024-28971 | Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | May 8, 2024. 17:05:00 | [www.dell.com] |
| CVE-2024-31961 | A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter. | May 8, 2024. 17:05:00 | [bugs.sonic-technology.com] |
| CVE-2024-4652 | A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263496. | May 8, 2024. 17:05:00 | [vuldb.com][vuldb.com] |
| CVE-2024-26925 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction again. Move it at the end of the abort phase after nft_gc_seq_end() is called. | May 8, 2024. 15:15:00 | [git.kernel.org][git.kernel.org] |
| CVE-2024-28132 | Exposure of Sensitive Information vulnerability exists in the GSLB container, which may allow an authenticated attacker with local access to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 8, 2024. 15:15:00 | [my.f5.com] |
| CVE-2024-28883 | An origin validation vulnerability exists in BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 8, 2024. 15:15:00 | [my.f5.com] |

