VYPR

CVEs

1,630 total · page 7 of 33

  • CVE-2024-11120KEVNov 15, 2024
    risk 0.17cvss epss 0.29

    Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we…

  • CVE-2024-43093KEVNov 13, 2024
    risk 0.12cvss epss 0.01

    In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution…

  • CVE-2024-8069KEVNov 12, 2024
    risk 0.16cvss epss 0.15

    Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server

  • CVE-2024-49039KEVNov 12, 2024
    risk 0.23cvss epss 0.14

    Windows Task Scheduler Elevation of Privilege Vulnerability

  • CVE-2024-43451KEVNov 12, 2024
    risk 0.19cvss epss 0.82

    NTLM Hash Disclosure Spoofing Vulnerability

  • CVE-2024-8068KEVNov 12, 2024
    risk 0.13cvss epss 0.01

    Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain

  • CVE-2024-51567KEVOct 29, 2024
    risk 0.28cvss epss 0.87

    upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell…

  • CVE-2024-51378KEVOct 29, 2024
    risk 0.29cvss epss 0.95

    getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST…

  • CVE-2024-50623KEVOct 27, 2024
    risk 0.26cvss epss 0.99

    In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.

  • CVE-2024-20481KEVOct 23, 2024
    risk 0.13cvss epss 0.16

    A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service. This…

  • CVE-2024-47575KEVOct 23, 2024
    risk 0.23cvss epss 0.95

    A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1…

  • CVE-2024-41713KEVOct 21, 2024
    risk 0.26cvss epss 0.98

    A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized…

  • CVE-2024-9537KEVOct 18, 2024
    risk 0.17cvss epss 0.04

    ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1. The vulnerability is addressed in SL1 versions 12.1.3+, 12.2.3+, and 12.3+. Remediations have been made available for all SL1 versions…

  • CVE-2024-9465KEVOct 9, 2024
    risk 0.20cvss epss 1.00

    An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary…

  • CVE-2024-9463KEVOct 9, 2024
    risk 0.20cvss epss 0.98

    An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

  • CVE-2024-9680KEVOct 9, 2024
    risk 0.20cvss epss 0.33

    An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR <…

  • CVE-2024-43572KEVOct 8, 2024
    risk 0.16cvss epss 0.61

    Microsoft Management Console Remote Code Execution Vulnerability

  • CVE-2024-43468KEVOct 8, 2024
    risk 0.19cvss epss 0.61

    Microsoft Configuration Manager Remote Code Execution Vulnerability

  • CVE-2024-43573KEVOct 8, 2024
    risk 0.13cvss epss 0.44

    Windows MSHTML Platform Spoofing Vulnerability

  • CVE-2024-9380KEVOct 8, 2024
    risk 0.19cvss epss 0.63

    An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution.

  • CVE-2024-9379KEVOct 8, 2024
    risk 0.18cvss epss 0.44

    SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements.

  • CVE-2024-43047KEVOct 7, 2024
    risk 0.12cvss epss 0.01

    Memory corruption while maintaining memory maps of HLOS memory.

  • CVE-2024-45519KEVOct 2, 2024
    risk 0.20cvss epss 1.00

    The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.

  • CVE-2024-8963KEVSep 19, 2024
    risk 0.20cvss epss 0.99

    Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

  • CVE-2024-8957KEVSep 17, 2024
    risk 0.16cvss epss 0.82

    PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an OS command injection issue. The camera does not sufficiently validate the ntp_addr configuration value which may lead to arbitrary command execution when ntp_client is started. When chained with CVE-2024-8956,…

  • CVE-2024-8956KEVSep 17, 2024
    risk 0.19cvss epss 0.61

    PTZOptics PT30X-SDI/NDI-xx before firmware 6.3.40 is vulnerable to an insufficient authentication issue. The camera does not properly enforce authentication to /cgi-bin/param.cgi when requests are sent without an HTTP Authorization header. The result is a remote and…

  • CVE-2024-38813KEVSep 17, 2024
    risk 0.14cvss epss 0.17

    The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

  • CVE-2024-38812KEVSep 17, 2024
    risk 0.18cvss epss 0.54

    The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code…

  • CVE-2024-8190KEVSep 10, 2024
    risk 0.19cvss epss 0.89

    An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution. The attacker must have admin level privileges to exploit this vulnerability.

  • CVE-2024-43461KEVSep 10, 2024
    risk 0.13cvss epss 0.52

    Windows MSHTML Platform Spoofing Vulnerability

  • CVE-2024-38226KEVSep 10, 2024
    risk 0.12cvss epss 0.03

    Microsoft Publisher Security Feature Bypass Vulnerability

  • CVE-2024-38217KEVSep 10, 2024
    risk 0.13cvss epss 0.10

    Windows Mark of the Web Security Feature Bypass Vulnerability

  • CVE-2024-38014KEVSep 10, 2024
    risk 0.13cvss epss 0.06

    Windows Installer Elevation of Privilege Vulnerability

  • CVE-2024-40711KEVSep 7, 2024
    risk 0.24cvss epss 0.88

    A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

  • CVE-2024-20439KEVSep 4, 2024
    risk 0.19cvss epss 0.92

    A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative…

  • CVE-2024-45195KEVSep 4, 2024
    risk 0.20cvss epss 1.00

    Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.

  • CVE-2024-6670KEVAug 29, 2024
    risk 0.29cvss epss 0.95

    In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.

  • CVE-2024-40766KEVAug 23, 2024
    risk 0.18cvss epss 0.16

    An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices,…

  • CVE-2024-39717KEVAug 22, 2024
    risk 0.12cvss epss 0.04

    The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change…

  • CVE-2024-28987KEVAug 21, 2024
    risk 0.23cvss epss 0.93

    The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.

  • CVE-2024-7971KEVAug 21, 2024
    risk 0.12cvss epss 0.19

    Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-7965KEVAug 21, 2024
    risk 0.14cvss epss 0.17

    Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-7262KEVAug 15, 2024
    risk 0.13cvss epss 0.02

    Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.16412 (exclusive) on Windows allows an attacker to load an arbitrary Windows library. The vulnerability was found weaponized as a single-click exploit in the…

  • CVE-2024-28986KEVAug 13, 2024
    risk 0.19cvss epss 0.85

    SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been…

  • CVE-2024-7593CriKEVAug 13, 2024
    risk 0.86cvss 9.8epss 1.00

    Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

  • CVE-2024-38189KEVAug 13, 2024
    risk 0.15cvss epss 0.08

    Microsoft Project Remote Code Execution Vulnerability

  • CVE-2024-38107KEVAug 13, 2024
    risk 0.12cvss epss 0.02

    Windows Power Dependency Coordinator Elevation of Privilege Vulnerability

  • CVE-2024-38106KEVAug 13, 2024
    risk 0.12cvss epss 0.06

    Windows Kernel Elevation of Privilege Vulnerability

  • CVE-2024-38213KEVAug 13, 2024
    risk 0.17cvss epss 0.13

    Windows Mark of the Web Security Feature Bypass Vulnerability

  • CVE-2024-38193KEVAug 13, 2024
    risk 0.21cvss epss 0.28

    Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability