VYPR

CVEs

100,472 total · page 660 of 2,010

  • CVE-2024-20701HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.02

    SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

  • CVE-2024-27784HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.01

    Multiple Exposure of sensitive information to an unauthorized actor weaknesses [CWE-200] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files.

  • CVE-2024-27783HigJul 9, 2024
    risk 0.49cvss 7.6epss 0.00

    Multiple cross-site request forgery (CSRF) weaknesses [CWE-352] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests.

  • CVE-2024-27782HigJul 9, 2024
    risk 0.53cvss 8.1epss 0.01

    Multiple insufficient session expiration weaknesses [CWE-613] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests.

  • CVE-2024-23663HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.01

    An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.

  • CVE-2023-50178HigJul 9, 2024
    risk 0.48cvss 7.4epss 0.00

    An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on…

  • CVE-2023-40702HigJul 9, 2024
    risk 0.50cvss epss 0.00

    PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability…

  • CVE-2023-40356HigJul 9, 2024
    risk 0.57cvss epss 0.00

    PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from…

  • CVE-2024-6615HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.00

    Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 128 and Thunderbird <…

  • CVE-2024-6609HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.01

    When almost out-of-memory an elliptic curve key which was never allocated could have been freed again. This vulnerability affects Firefox < 128 and Thunderbird < 128.

  • CVE-2024-6607HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.01

    It was possible to prevent a user from exiting pointerlock when pressing escape and to overlay customValidity notifications from a `<select>` element over certain permission prompts. This could be used to confuse a user into giving a site unintended permissions. This…

  • CVE-2024-6606HigJul 9, 2024
    risk 0.53cvss 8.2epss 0.00

    Clipboard code failed to check the index on an array access. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 128 and Thunderbird < 128.

  • CVE-2024-6605HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.00

    Firefox Android allowed immediate interaction with permission prompts. This could be used for tapjacking. This vulnerability affects Firefox < 128.

  • CVE-2024-6604HigJul 9, 2024
    risk 0.49cvss 7.5epss 0.01

    Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox…

  • CVE-2024-6603HigJul 9, 2024
    risk 0.48cvss 7.4epss 0.01

    In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

  • CVE-2024-39697HigJul 9, 2024
    risk 0.49cvss 8.6epss 0.01

    phonenumber is a library for parsing, formatting and validating international phone numbers. Since 0.3.4, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get…

  • CVE-2024-38363HigJul 9, 2024
    risk 0.48cvss 8.5epss 0.01

    Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create…

  • CVE-2024-37952HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.00

    Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation.This issue affects BookYourTravel: from n/a through 8.18.17.

  • CVE-2024-37513HigJul 9, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themewinter WPCafe allows Path Traversal.This issue affects WPCafe: from n/a through 2.2.27.

  • CVE-2024-22271HigJul 9, 2024
    risk 0.46cvss 8.2epss 0.00

    In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: …

  • CVE-2024-39888HigJul 9, 2024
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified. …

  • CVE-2024-39874HigJul 9, 2024
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user…

  • CVE-2024-39873HigJul 9, 2024
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are…

  • CVE-2024-39868HigJul 9, 2024
    risk 0.49cvss 7.6epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN…

  • CVE-2024-39867HigJul 9, 2024
    risk 0.49cvss 7.6epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device…

  • CVE-2024-39866HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files…

  • CVE-2024-39865HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This…

  • CVE-2024-39675HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All…

  • CVE-2024-39571HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to…

  • CVE-2024-39570HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to…

  • CVE-2024-39568HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an…

  • CVE-2024-39567HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.01

    A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an…

  • CVE-2024-37997HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter…

  • CVE-2024-37501HigJul 9, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PluginsWare Advanced Classifieds & Directory Pro allows Path Traversal.This issue affects Advanced Classifieds & Directory Pro: from n/a through 3.1.3.

  • CVE-2024-37497HigJul 9, 2024
    risk 0.50cvss 7.7epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Crocoblock JetThemeCore jet-theme-core.This issue affects JetThemeCore: from n/a through < 2.2.1.

  • CVE-2024-37484HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.00

    Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation.This issue affects Zephyr Project Manager: from n/a through 3.3.97.

  • CVE-2024-33654HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of…

  • CVE-2024-33653HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of…

  • CVE-2024-32056HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the…

  • CVE-2023-52237HigJul 9, 2024
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM…

  • CVE-2022-45147HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when…

  • CVE-2024-5634HigJul 9, 2024
    risk 0.56cvss epss 0.00

    Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy.  Additionally, every camera with the same firmware version…

  • CVE-2024-5633HigJul 9, 2024
    risk 0.49cvss epss 0.01

    Longse model LBH30FE200W cameras, as well as products based on this device, provide an unrestricted access for an attacker located in the same local network to an undocumented binary service CoolView on one of the ports.  An attacker with a knowledge of the available commands…

  • CVE-2024-37462HigJul 9, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows Path Traversal.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.2.

  • CVE-2024-37455HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.00

    Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31.

  • CVE-2024-37419HigJul 9, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Codeless Cowidgets – Elementor Addons allows Path Traversal.This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1.

  • CVE-2023-3289HigJul 9, 2024
    risk 0.50cvss 7.7epss 0.00

    A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation.

  • CVE-2023-3288HigJul 9, 2024
    risk 0.55cvss 8.5epss 0.00

    A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation.

  • CVE-2023-3286HigJul 9, 2024
    risk 0.50cvss 7.7epss 0.00

    A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. This results in unauthorized data manipulation.

  • CVE-2023-38047HigJul 9, 2024
    risk 0.55cvss 8.5epss 0.00

    A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation.