Total 255441 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-5276 2024-06-28 9.8 Critical
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.
CVE-2024-34102 2024-06-28 9.8 Critical
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
CVE-2024-6296 2024-06-28 6.4 Medium
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ parameter in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-26261 2024-06-28 9.8 Critical
The file download functionality in certain modules of HGiga OAKlouds contains an Arbitrary File Read and Delete vulnerability. Attackers can put a file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded.
CVE-2024-26260 2024-06-28 9.8 Critical
The synchronization functionality in certain modules of HGiga OAKlouds has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.
CVE-2024-2363 2024-06-28 5.3 Medium
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The manipulation of the argument CSeq leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256318 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-6814 2024-06-28 5.6 Medium
Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information. This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, and all versions of V8 and V9.
CVE-2024-27929 2024-06-28 7.1 High
ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in versions 3.1.3 and 2.1.7.
CVE-2024-25994 2024-06-28 5.3 Medium
An unauthenticated remote attacker can upload an arbitrary script file due to improper input validation. The upload destination is fixed and is write only.
CVE-2024-25996 2024-06-28 5.3 Medium
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user.
CVE-2024-25997 2024-06-28 5.3 Medium
An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected.
CVE-2024-25998 2024-06-28 7.3 High
An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation.
CVE-2024-26001 2024-06-28 7.4 High
An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.
CVE-2024-26004 2024-06-28 7.5 High
An unauthenticated remote attacker can DoS a control agent due to access of an uninitialized pointer, which may prevent or disrupt the charging functionality.
CVE-2024-26002 2024-06-28 7.8 High
An improper input validation in the Qualcomm plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files.
CVE-2024-26288 2024-06-28 8.7 High
An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected.
CVE-2024-25995 2024-06-28 9.8 Critical
An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical function.
CVE-2024-26003 2024-06-28 7.5 High
An unauthenticated remote attacker can DoS the control agent due to an out-of-bounds read, which may prevent or disrupt the charging functionality.
CVE-2024-24302 2024-06-28 N/A
An issue in the Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method.
CVE-2024-2150 2024-06-28 5.3 Medium
A vulnerability, which was classified as critical, has been found in SourceCodester Insurance Management System 1.0. This issue affects some unknown processing. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255503.