VYPR

CVEs

101,963 total · page 639 of 2,040

  • CVE-2024-6594HigSep 25, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper Handling of Exceptional Conditions vulnerability in the WatchGuard Single Sign-On Client on Windows causes the client to crash while handling malformed commands. An attacker with network access to the client could create a denial of service condition for the Single…

  • CVE-2024-7481HigSep 25, 2024
    risk 0.57cvss 8.8epss 0.00

    Improper verification of cryptographic signature during installation of a Printer driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their…

  • CVE-2024-7479HigSep 25, 2024
    risk 0.57cvss 8.8epss 0.00

    Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their…

  • CVE-2024-45817HigSep 25, 2024
    risk 0.47cvss 7.3epss 0.01

    In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register. Furthermore, the OS can opt to receive an interrupt when a new error occurs. It is possible to configure the error interrupt with an illegal vector,…

  • CVE-2024-31146HigSep 25, 2024
    risk 0.49cvss 7.5epss 0.00

    When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective guests individually cannot really be guaranteed without knowing internals of any of the involved guests. Therefore such a configuration…

  • CVE-2024-31145HigSep 25, 2024
    risk 0.49cvss 7.5epss 0.00

    Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise…

  • CVE-2024-8175HigSep 25, 2024
    risk 0.49cvss 7.5epss 0.01

    An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS.

  • CVE-2024-8290HigSep 25, 2024
    risk 0.50cvss 8.8epss 0.01

    The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function…

  • CVE-2024-8484HigSep 25, 2024
    risk 0.42cvss 7.5epss 0.04

    The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied…

  • CVE-2024-8481HigSep 25, 2024
    risk 0.41cvss 7.3epss 0.01

    The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.4. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode'); which will run all shortcodes in comments. This…

  • CVE-2024-8349HigSep 25, 2024
    risk 0.47cvss 7.2epss 0.01

    The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers,…

  • CVE-2024-7617HigSep 25, 2024
    risk 0.40cvss 7.2epss 0.01

    The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2024-9123HigSep 25, 2024
    risk 0.57cvss 8.8epss 0.00

    Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-9122HigSep 25, 2024
    risk 0.58cvss 8.8epss 0.06

    Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-9121HigSep 25, 2024
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-9120HigSep 25, 2024
    risk 0.57cvss 8.8epss 0.00

    Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-8941HigSep 25, 2024
    risk 0.49cvss 7.5epss 0.01

    Path traversal vulnerability in Scriptcase version 9.4.019, in /scriptcase/devel/compat/nm_edit_php_edit.php (in the “subpage” parameter), which allows unauthenticated remote users to bypass SecurityManager's intended restrictions and list and/or read a parent directory via…

  • CVE-2024-8914HigSep 25, 2024
    risk 0.40cvss 7.2epss 0.00

    The Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 due to incorrect use of the wp_kses_allowed_html function, which…

  • CVE-2024-8497HigSep 25, 2024
    risk 0.49cvss 7.5epss 0.01

    Franklin Fueling Systems TS-550 EVO versions prior to 2.26.4.8967 possess a file that can be read arbitrarily that could allow an attacker obtain administrator credentials.

  • CVE-2024-46936HigSep 25, 2024
    risk 0.49cvss 7.5epss 0.00

    Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose.

  • CVE-2024-46935HigSep 25, 2024
    risk 0.42cvss 7.5epss 0.01

    Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of service (DoS). Attackers who craft messages with specific characters may crash the workspace due to an issue in the message parser.

  • CVE-2024-46610HigSep 25, 2024
    risk 0.49cvss 7.5epss 0.00

    An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java

  • CVE-2024-46609HigSep 25, 2024
    risk 0.49cvss 7.5epss 0.01

    An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords

  • CVE-2024-46607HigSep 25, 2024
    risk 0.49cvss 7.6epss 0.00

    Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.

  • CVE-2024-45373HigSep 25, 2024
    risk 0.57cvss 8.8epss 0.00

    Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator.

  • CVE-2024-41725HigSep 25, 2024
    risk 0.57cvss 8.8epss 0.00

    ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting.

  • CVE-2024-39928HigSep 25, 2024
    risk 0.42cvss 7.5epss 0.01

    In Apache Linkis <= 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

  • CVE-2024-21545HigSep 25, 2024
    risk 0.53cvss 8.2epss 0.00

    Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via…

  • CVE-2023-26691HigSep 25, 2024
    risk 0.47cvss 7.2epss 0.01

    Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via crafted zip file when installing a new add-on.

  • CVE-2023-26690HigSep 25, 2024
    risk 0.57cvss 8.8epss 0.01

    File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu.

  • CVE-2023-26687HigSep 25, 2024
    risk 0.57cvss 8.8epss 0.01

    Directory Traversal vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to obtain sensitive information via the product_data parameter in the PDF Add-on.

  • CVE-2021-38963HigSep 25, 2024
    risk 0.52cvss 8.0epss 0.01

    IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute…

  • CVE-2024-8623HigSep 24, 2024
    risk 0.48cvss 7.3epss 0.01

    The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before…

  • CVE-2022-2439HigSep 24, 2024
    risk 0.40cvss 7.2epss 0.01

    The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative…

  • CVE-2024-8795HigSep 24, 2024
    risk 0.57cvss 8.8epss 0.00

    The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the my_account_update() function. This makes it possible for unauthenticated attackers to…

  • CVE-2024-7023HigSep 23, 2024
    risk 0.57cvss 8.8epss 0.00

    Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)

  • CVE-2024-7018HigSep 23, 2024
    risk 0.51cvss 7.8epss 0.00

    Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

  • CVE-2021-38023HigSep 23, 2024
    risk 0.57cvss 8.8epss 0.00

    Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2018-20072HigSep 23, 2024
    risk 0.51cvss 7.8epss 0.00

    Insufficient data validation in PDF in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2024-42861HigSep 23, 2024
    risk 0.49cvss 7.5epss 0.02

    An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function

  • CVE-2024-46639HigSep 23, 2024
    risk 0.49cvss 7.6epss 0.00

    A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of Custom Fields message box.

  • CVE-2024-43201HigSep 23, 2024
    risk 0.57cvss 8.8epss 0.00

    The Planet Fitness Workouts iOS and Android mobile apps fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. Planet Fitness first addressed this vulnerability in version 9.8.12…

  • CVE-2024-37779HigSep 23, 2024
    risk 0.57cvss 8.8epss 0.01

    WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.

  • CVE-2024-39842HigSep 23, 2024
    risk 0.47cvss 7.2epss 0.02

    A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs.

  • CVE-2024-40442HigSep 23, 2024
    risk 0.40cvss 7.2epss 0.01

    An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via a crafted REST Request.

  • CVE-2024-46985HigSep 23, 2024
    risk 0.49cvss 7.5epss 0.01

    DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file…

  • CVE-2024-41228HigSep 23, 2024
    risk 0.49cvss 7.6epss 0.00

    A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files.

  • CVE-2024-23934HigSep 23, 2024
    risk 0.57cvss 8.8epss 0.01

    Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability…

  • CVE-2024-7835HigSep 23, 2024
    risk 0.57cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Exnet Informatics Software Ferry Reservation System allows Reflected XSS. This issue affects Ferry Reservation System: before 240805-002.

  • CVE-2024-8606HigSep 23, 2024
    risk 0.57cvss 8.8epss 0.00

    Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication