VYPR

CVEs

100,082 total · page 668 of 2,002

  • CVE-2024-2747HigJun 12, 2024
    risk 0.51cvss 7.8epss 0.00

    CWE-428: Unquoted search path or element vulnerability exists in Easergy Studio, which could cause privilege escalation when a valid user replaces a trusted file name on the system and reboots the machine.

  • CVE-2024-0865HigJun 12, 2024
    risk 0.51cvss 7.8epss 0.00

    CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.

  • CVE-2024-5908HigJun 12, 2024
    risk 0.49cvss 7.5epss 0.00

    A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for…

  • CVE-2024-5907HigJun 12, 2024
    risk 0.46cvss 7.0epss 0.00

    A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this…

  • CVE-2024-37038HigJun 12, 2024
    risk 0.49cvss 7.5epss 0.00

    CWE-276: Incorrect Default Permissions vulnerability exists that could allow an authenticated user with access to the device’s web interface to perform unauthorized file and firmware uploads when crafting custom web requests.

  • CVE-2024-37037HigJun 12, 2024
    risk 0.53cvss 8.1epss 0.01

    CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request.

  • CVE-2024-5896HigJun 12, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability, which was classified as critical, was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to sql injection. It is possible…

  • CVE-2024-37300HigJun 12, 2024
    risk 0.46cvss 8.1epss 0.00

    OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. JupyterHub < 5.0, when used with `GlobusOAuthenticator`, could be configured to allow all users from a particular institution only. This worked fine prior to JupyterHub…

  • CVE-2024-5894HigJun 12, 2024
    risk 0.48cvss 7.3epss 0.01

    A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has…

  • CVE-2024-34065HigJun 12, 2024
    risk 0.39cvss 7.1epss 0.01

    Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass…

  • CVE-2024-28964HigJun 12, 2024
    risk 0.51cvss 7.8epss 0.00

    Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user.…

  • CVE-2024-36263HigJun 12, 2024
    risk 0.46cvss 8.1epss 0.01

    ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: all versions. As this project is retired, we do not plan to…

  • CVE-2024-25949HigJun 12, 2024
    risk 0.57cvss 8.8epss 0.00

    Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges.

  • CVE-2024-5211HigJun 12, 2024
    risk 0.00cvss 7.2epss 0.01

    A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and…

  • CVE-2024-4845HigJun 12, 2024
    risk 0.50cvss 8.8epss 0.00

    The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.…

  • CVE-2023-48280HigJun 12, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Consensu.IO Consensu.Io.This issue affects Consensu.Io: from n/a through 1.0.1.

  • CVE-2024-5154HigJun 12, 2024
    risk 0.53cvss 8.1epss 0.01

    A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.

  • CVE-2024-3183HigJun 12, 2024
    risk 0.53cvss 8.1epss 0.02

    A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal…

  • CVE-2024-2698HigJun 12, 2024
    risk 0.50cvss 8.8epss 0.01

    A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If…

  • CVE-2024-36856HigJun 12, 2024
    risk 0.42cvss 7.5epss 0.01

    RMQTT Broker 0.4.0 is vulnerable to Denial of Service (DoS) due to improper session resource management. An attacker can exhaust system memory and crash the daemon by establishing and maintaining a vast number of long-lived malicious publish/subscribe sessions.

  • CVE-2024-5543HigJun 12, 2024
    risk 0.53cvss 8.1epss 0.00

    The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. …

  • CVE-2024-5847HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

  • CVE-2024-5846HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

  • CVE-2024-5845HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.00

    Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

  • CVE-2024-5844HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-5842HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.00

    Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-5841HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.00

    Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-5838HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.01

    Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-5837HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.01

    Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-5836HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.00

    Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2024-5835HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.01

    Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-5834HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.01

    Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-5833HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.01

    Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-5832HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.00

    Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-5831HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.00

    Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-5830HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.01

    Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-33606HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.00

    An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images on a MicroDicom DICOM Viewer system. User interaction is required to exploit this vulnerability.

  • CVE-2024-28877HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.01

    MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit this vulnerability.

  • CVE-2023-4727HigJun 11, 2024
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to…

  • CVE-2024-37301HigJun 11, 2024
    risk 0.40cvss 7.2epss 0.01

    Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full…

  • CVE-2024-36702HigJun 11, 2024
    risk 0.48cvss 7.4epss 0.00

    libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c.

  • CVE-2024-28020HigJun 11, 2024
    risk 0.52cvss 8.0epss 0.00

    A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through complex routines to extend access on the server and other services.

  • CVE-2024-4190HigJun 11, 2024
    risk 0.53cvss 8.1epss 0.00

    Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in OpenText ArcSight Logger. The vulnerabilities could be remotely exploited.

  • CVE-2024-37325HigJun 11, 2024
    risk 0.53cvss 8.1epss 0.01

    Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability

  • CVE-2024-37293HigJun 11, 2024
    risk 0.00cvss 7.5epss 0.00

    The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or resources via the structure defined…

  • CVE-2024-35265HigJun 11, 2024
    risk 0.46cvss 7.0epss 0.00

    Windows Perception Service Elevation of Privilege Vulnerability

  • CVE-2024-35254HigJun 11, 2024
    risk 0.46cvss 7.1epss 0.01

    Azure Monitor Agent Elevation of Privilege Vulnerability

  • CVE-2024-35252HigJun 11, 2024
    risk 0.49cvss 7.5epss 0.02

    Azure Storage Movement Client Library Denial of Service Vulnerability

  • CVE-2024-35250HigKEVJun 11, 2024
    risk 0.68cvss 7.8epss 0.25

    Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

  • CVE-2024-35249HigJun 11, 2024
    risk 0.57cvss 8.8epss 0.03

    Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability