VYPR

CVEs

101,963 total · page 643 of 2,040

  • CVE-2024-8900HigSep 17, 2024
    risk 0.49cvss 7.5epss 0.00

    An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.

  • CVE-2024-43460HigSep 17, 2024
    risk 0.53cvss 8.1epss 0.01

    Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.

  • CVE-2024-8944HigSep 17, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unknown part of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack…

  • CVE-2024-45682HigSep 17, 2024
    risk 0.57cvss 8.8epss 0.02

    There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.

  • CVE-2024-42503HigSep 17, 2024
    risk 0.47cvss 7.2epss 0.01

    Authenticated command execution vulnerability exist in the ArubaOS command line interface (CLI). Successful exploitation of this vulnerabilities result in the ability to run arbitrary commands as a priviledge user on the underlying operating system.

  • CVE-2024-42502HigSep 17, 2024
    risk 0.47cvss 7.2epss 0.02

    Authenticated command injection vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability result in the ability to inject shell commands on the underlying operating system.

  • CVE-2024-42501HigSep 17, 2024
    risk 0.47cvss 7.2epss 0.01

    An authenticated Path Traversal vulnerabilities exists in the ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants.

  • CVE-2024-38813HigKEVSep 17, 2024
    risk 0.62cvss 7.5epss 0.17

    The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

  • CVE-2024-8768HigSep 17, 2024
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.

  • CVE-2024-7788HigSep 17, 2024
    risk 0.51cvss 7.8epss 0.00

    Improper Digital Signature Invalidation  vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5.

  • CVE-2021-27916HigSep 17, 2024
    risk 0.46cvss 8.1epss 0.01

    Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or…

  • CVE-2024-47049HigSep 17, 2024
    risk 0.46cvss 8.2epss 0.01

    The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.

  • CVE-2024-47047HigSep 17, 2024
    risk 0.42cvss 7.5epss 0.00

    An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display…

  • CVE-2024-22303HigSep 17, 2024
    risk 0.57cvss 8.8epss 0.00

    Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4.

  • CVE-2024-21743HigSep 17, 2024
    risk 0.57cvss 8.8epss 0.00

    Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5.

  • CVE-2021-27915HigSep 17, 2024
    risk 0.42cvss 7.6epss 0.01

    Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system.

  • CVE-2024-46362HigSep 17, 2024
    risk 0.57cvss 8.8epss 0.00

    FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory

  • CVE-2024-46085HigSep 17, 2024
    risk 0.57cvss 8.8epss 0.00

    FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename

  • CVE-2024-5998HigSep 17, 2024
    risk 0.44cvss 7.8epss 0.00

    A vulnerability in the FAISS.deserialize_from_bytes function of langchain-ai/langchain allows for pickle deserialization of untrusted data. This can lead to the execution of arbitrary commands via the os.system function. The issue affects the latest version of the product.

  • CVE-2024-8761HigSep 17, 2024
    risk 0.40cvss 7.2epss 0.00

    The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to redirect users…

  • CVE-2024-8490HigSep 17, 2024
    risk 0.50cvss 8.8epss 0.00

    The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to…

  • CVE-2024-8110HigSep 17, 2024
    risk 0.49cvss 7.5epss 0.00

    Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart. If both the active…

  • CVE-2024-44189HigSep 17, 2024
    risk 0.49cvss 7.5epss 0.01

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. A logic issue existed where a process may be able to capture screen contents without user consent.

  • CVE-2024-44165HigSep 17, 2024
    risk 0.49cvss 7.5epss 0.01

    A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7, visionOS 2. Network traffic may leak outside a VPN tunnel.

  • CVE-2024-44164HigSep 17, 2024
    risk 0.46cvss 7.1epss 0.00

    This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to bypass Privacy preferences.

  • CVE-2024-44162HigSep 17, 2024
    risk 0.51cvss 7.8epss 0.00

    This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 16. A malicious application may gain access to a user's Keychain items.

  • CVE-2024-44152HigSep 17, 2024
    risk 0.49cvss 7.5epss 0.01

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.

  • CVE-2024-44149HigSep 17, 2024
    risk 0.49cvss 7.5epss 0.01

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.

  • CVE-2024-44132HigSep 17, 2024
    risk 0.57cvss 8.8epss 0.00

    This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox.

  • CVE-2024-40861HigSep 17, 2024
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to gain root privileges.

  • CVE-2024-40856HigSep 17, 2024
    risk 0.49cvss 7.5epss 0.01

    An integrity issue was addressed with Beacon Protection. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18. An attacker may be able to force a device to disconnect from a secure network.

  • CVE-2024-40848HigSep 17, 2024
    risk 0.49cvss 7.5epss 0.01

    A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An attacker may be able to read sensitive information.

  • CVE-2024-40770HigSep 17, 2024
    risk 0.49cvss 7.5epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.

  • CVE-2024-27879HigSep 17, 2024
    risk 0.49cvss 7.5epss 0.01

    The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. An attacker may be able to cause unexpected app termination.

  • CVE-2024-27874HigSep 17, 2024
    risk 0.49cvss 7.5epss 0.01

    This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A remote attacker may be able to cause a denial-of-service.

  • CVE-2024-27795HigSep 17, 2024
    risk 0.49cvss 7.5epss 0.01

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A camera extension may be able to access the internet.

  • CVE-2024-45416HigSep 16, 2024
    risk 0.53cvss 8.1epss 0.01

    The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/lua_session, the function iterates on all files in this directory and executes them using the function dofile…

  • CVE-2024-45413HigSep 16, 2024
    risk 0.53cvss 8.1epss 0.00

    The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated…

  • CVE-2024-42798HigSep 16, 2024
    risk 0.49cvss 7.6epss 0.00

    An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.

  • CVE-2024-45801HigSep 16, 2024
    risk 0.41cvss 7.3epss 0.01

    DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype…

  • CVE-2024-45799HigSep 16, 2024
    risk 0.47cvss 7.3epss 0.00

    FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the…

  • CVE-2023-45854HigSep 16, 2024
    risk 0.49cvss 7.5epss 0.00

    A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function.

  • CVE-2024-23599HigSep 16, 2024
    risk 0.51cvss 7.9epss 0.00

    Race condition in Seamless Firmware Updates for some Intel(R) reference platforms may allow a privileged user to potentially enable denial of service via local access.

  • CVE-2024-21871HigSep 16, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-21829HigSep 16, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-21781HigSep 16, 2024
    risk 0.47cvss 7.2epss 0.00

    Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access.

  • CVE-2023-43626HigSep 16, 2024
    risk 0.49cvss 7.5epss 0.00

    Improper access control in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2023-42772HigSep 16, 2024
    risk 0.53cvss 8.2epss 0.00

    Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2023-41833HigSep 16, 2024
    risk 0.49cvss 7.5epss 0.00

    A race condition in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-8752HigSep 16, 2024
    risk 0.50cvss 7.5epss 0.12

    The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system.