VYPR

CVEs

100,082 total · page 670 of 2,002

  • CVE-2024-37177HigJun 11, 2024
    risk 0.53cvss 8.1epss 0.00

    SAP Financial Consolidation allows data to enter a Web application through an untrusted source. These endpoints are exposed over the network and it allows the user to modify the content from the web site. On successful exploitation, an attacker can cause significant impact to…

  • CVE-2024-37130HigJun 11, 2024
    risk 0.47cvss 7.3epss 0.00

    Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain…

  • CVE-2024-37289HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.01

    An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2024-37166HigJun 10, 2024
    risk 0.51cvss 8.9epss 0.00

    ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross-Site Scripting (XSS) vulnerability in some cases. Version 2.0.0 introduces changes to mitigate this issue. Version…

  • CVE-2024-36471HigJun 10, 2024
    risk 0.42cvss 7.5epss 0.01

    Import functionality is vulnerable to DNS rebinding attacks between verification and processing of the URL.  Project administrators can run these imports, which could cause Allura to read from internal services and expose them. This issue affects Apache Allura from 1.0.1…

  • CVE-2024-36358HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.01

    A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target…

  • CVE-2024-36305HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.01

    A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit…

  • CVE-2024-36304HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the…

  • CVE-2024-36303HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to…

  • CVE-2024-36302HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.01

    An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to…

  • CVE-2024-35242HigJun 10, 2024
    risk 0.50cvss 8.8epss 0.03

    Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories.…

  • CVE-2024-35241HigJun 10, 2024
    risk 0.50cvss 8.8epss 0.01

    Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code.…

  • CVE-2024-32849HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

  • CVE-2024-36418HigJun 10, 2024
    risk 0.55cvss 8.5epss 0.01

    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in connectors allows an authenticated user to perform a remote code execution attack. Versions 7.14.4 and 8.6.1 contain a fix for this…

  • CVE-2024-27857HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.02

    An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.

  • CVE-2024-27855HigJun 10, 2024
    risk 0.57cvss 8.8epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. A shortcut may be able to use sensitive data with certain actions without prompting the user.

  • CVE-2024-27851HigJun 10, 2024
    risk 0.57cvss 8.8epss 0.01

    The issue was addressed with improved bounds checks. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2024-27848HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    This issue was addressed with improved permissions checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. A malicious app may be able to gain root privileges.

  • CVE-2024-27836HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. Processing a maliciously crafted image may lead to arbitrary code execution.

  • CVE-2024-27833HigJun 10, 2024
    risk 0.57cvss 8.8epss 0.01

    An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2024-27832HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.

  • CVE-2024-27831HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a file may lead to…

  • CVE-2024-27828HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.

  • CVE-2024-27820HigJun 10, 2024
    risk 0.57cvss 8.8epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution.

  • CVE-2024-27817HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. An app may be able to execute arbitrary code with kernel…

  • CVE-2024-27815HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.02

    An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary code with kernel privileges.

  • CVE-2024-27811HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.01

    The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.

  • CVE-2024-27808HigJun 10, 2024
    risk 0.57cvss 8.8epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution.

  • CVE-2024-27802HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2. Processing a maliciously crafted file may…

  • CVE-2024-27801HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.

  • CVE-2024-37393HigJun 10, 2024
    risk 0.49cvss 7.5epss 0.03

    Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service…

  • CVE-2024-36416HigJun 10, 2024
    risk 0.56cvss 8.6epss 0.02

    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a deprecated v4 API example with no log rotation allows denial of service by logging excessive data. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

  • CVE-2024-36414HigJun 10, 2024
    risk 0.50cvss 7.7epss 0.00

    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the connectors file verification allows for a server-side request forgery attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

  • CVE-2024-36413HigJun 10, 2024
    risk 0.58cvss 8.9epss 0.00

    SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in the import module error view allows for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue.

  • CVE-2024-23299HigJun 10, 2024
    risk 0.56cvss 8.6epss 0.00

    The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to break out of its sandbox.

  • CVE-2022-48683HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox.

  • CVE-2022-48578HigJun 10, 2024
    risk 0.46cvss 7.1epss 0.00

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5. Processing an AppleScript may result in unexpected termination or disclosure of process memory.

  • CVE-2022-32897HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution.

  • CVE-2024-5597HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.01

    Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution.

  • CVE-2024-5102HigJun 10, 2024
    risk 0.46cvss 7.0epss 0.00

    A sym-linked file accessed via the repair function in Avast Antivirus <24.2 on Windows may allow user to elevate privilege to delete arbitrary files or run processes as NT AUTHORITY\SYSTEM. The vulnerability exists within the "Repair" (settings -> troubleshooting -> repair)…

  • CVE-2024-35754HigJun 10, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ovic Team Ovic Importer allows Path Traversal.This issue affects Ovic Importer: from n/a through 1.6.3.

  • CVE-2024-35745HigJun 10, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Gabriel Somoza / Joseph Fitzgibbons Strategery Migrations allows Path Traversal, File Manipulation.This issue affects Strategery Migrations: from n/a through 1.0.

  • CVE-2024-35744HigJun 10, 2024
    risk 0.56cvss 8.6epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.This issue affects Upunzipper: from n/a through 1.0.0.

  • CVE-2024-35743HigJun 10, 2024
    risk 0.56cvss 8.6epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Siteclean SC filechecker allows Path Traversal, File Manipulation.This issue affects SC filechecker: from n/a through 0.6.

  • CVE-2024-35658HigJun 10, 2024
    risk 0.56cvss 8.6epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through…

  • CVE-2024-34800HigJun 10, 2024
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in Crafthemes Crafthemes Demo Import crafthemes-demo-import allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crafthemes Demo Import: from n/a through <= 3.3.

  • CVE-2024-34761HigJun 10, 2024
    risk 0.55cvss 8.5epss 0.00

    Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10.

  • CVE-2024-34332HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API.

  • CVE-2024-26507HigJun 10, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or…

  • CVE-2024-4403HigJun 10, 2024
    risk 0.57cvss 8.8epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending…