CVE ID | Description | CVSS | Vendor | Exploit | Patch | Trends |
---|---|---|---|---|---|---|
CVE-2024-46451 | TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. | 9.8 | Totolink | Exploit | - | |
CVE-2024-46446 | Mecha CMS 3.0.0 is vulnerable to directory traversal. An attacker can construct cookies and URIs that bypass user identity checks; parameters can then be passed through the POST method, resulting in deletion of arbitrary files or website takeover. | 9.8 | Mecha-cms | Exploit | - | |
CVE-2024-46419 | TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter. | 9.8 | Totolink | Exploit | - | |
CVE-2024-4641 | OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to accepting a format string from an external source as an argument. An attacker could modify an externally controlled format string to cause a memory leak and denial of service. | 9.8 | Moxa | - | Patched | |
CVE-2024-46377 | Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php. | 9.8 | Mayurik | Exploit | - | |
CVE-2024-46376 | Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php. | 9.8 | Mayurik | - | - | |
CVE-2024-46375 | Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php. | 9.8 | Mayurik | - | - | |
CVE-2024-46374 | Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php. | 9.8 | Mayurik | - | - | |
CVE-2024-46367 | A stored cross-site scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload in the username field. This can lead to privilege escalation when the payload is executed, granting the attacker elevated permissions within the CRM system. | 9.6 | Webkul | - | - | |
CVE-2024-46293 | Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to incorrect access control: there is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether the user is logged in as an admin, or even check for a session token at all. | 9.8 | Sourcecodester | - | - | |
CVE-2024-46256 | A command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to achieve RCE via Add Let's Encrypt Certificate. | 9.8 | Nginxproxymanager | - | - | |
CVE-2024-4620 | The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form. | 9.8 | Wordpress, et al | - | - | |
CVE-2024-46103 | SEMCMS 4.8 is vulnerable to SQL injection via SEMCMS_Main.php. | 9.8 | Sem-cms | - | - | |
CVE-2024-46101 | GDidees CMS <= v3.9.1 has a file upload vulnerability. | 9.8 | Gdidees | - | - | |
CVE-2024-46088 | An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 | - | - | - | |
CVE-2024-46076 | RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code. | 9.8 | Ruoyi | - | - | |
CVE-2024-46049 | Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function. | 9.8 | Tenda | Exploit | - | |
CVE-2024-46048 | Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i | 9.8 | Tenda | Exploit | - | |
CVE-2024-46046 | Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function. | 9.8 | Tenda | Exploit | - | |
CVE-2024-46045 | Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. | 9.8 | Tenda | Exploit | - | |
CVE-2024-46044 | CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. | 9.8 | Oracle, et al | Exploit | - | |
CVE-2024-45999 | A SQL injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the get_station_info() function located in the file /application/models/Oqrs_model.php. The vulnerability is exploitable via the station_id parameter. | 9.8 | Magicbug | Exploit | - | |
CVE-2024-45971 | Multiple buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit 1f52be9ddeae00e69cd43e4cac3cb4f0c880c4f0 allow a malicious server to cause a stack-based buffer overflow via the MMS IdentifyResponse message. | 9.8 | Mz-automation | - | - | |
CVE-2024-45970 | Multiple buffer overflows in the MMS Client in MZ Automation LibIEC61850 before commit ac925fae8e281ac6defcd630e9dd756264e9c5bc allow a malicious server to cause a stack-based buffer overflow via the MMS FileDirResponse message. | 9.8 | Mz-automation | - | - | |
CVE-2024-45944 | In J2eeFAST <= 2.7, the backend function has unsafe filtering, which allows an attacker to trigger certain sensitive functions, resulting in arbitrary code execution. | 9.8 | - | - | - | |
CVE-2024-45918 | Fujian Kelixin Communication Command and Dispatch Platform <= 7.6.6.4391 is vulnerable to SQL injection via /client/get_gis_fence.php. | 9.8 | - | - | - | |
CVE-2024-45874 | A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code or maintain persistence by placing a crafted DLL file in the same directory as Vooki.exe. | 9.8 | - | - | - | |
CVE-2024-45873 | A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code or maintain persistence by placing a crafted DLL file in the same directory as Yaazhini.exe. | 9.8 | - | - | - | |
CVE-2024-45824 | IMPACT: A remote code execution vulnerability exists in the affected products. The vulnerability occurs when chained with path traversal, command injection, and XSS vulnerabilities and allows for full unauthenticated remote code execution. The link in the mitigations section below contains patches to fix this issue. | 9.8 | Rockwellautomation | - | Patched | |
CVE-2024-45823 | IMPACT: An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication. | 9.8 | Rockwellautomation | - | Patched | |
CVE-2024-45798 | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities: code injection in the `tests_results.yml` workflow (`GHSL-2024-169`) and environment variable injection (`GHSL-2024-170`). These issues have been addressed, but users are advised to verify the contents of downloaded artifacts. | 9.9 | Espressif | - | - | |
CVE-2024-45790 | This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions on excessive failed authentication attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to unauthorized access and compromise of other user accounts. | 9.8 | - | - | - | |
CVE-2024-45771 | RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php. | 9.8 | Openrapid | - | - | |
CVE-2024-4577 | In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. | 9.8 | Fedoraproject, et al | Exploit | Patched | |
CVE-2024-45764 | Dell Enterprise SONiC OS versions 4.1.x and 4.2.x contain a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass. This is a critical severity vulnerability, so Dell recommends that customers upgrade at the earliest opportunity. | 9.8 | Dell | - | Patched | |
CVE-2024-45758 | H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connection_url property with any typical JDBC Connection URL attack payload, such as one that uses queryInterceptors. | 9.1 | - | - | - | |
CVE-2024-45746 | An issue was discovered in Trusted Firmware-M through 2.1.0. User-provided (and controlled) mailbox messages contain a pointer to a list of input arguments (in_vec) and output arguments (out_vec). These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length field. After a PSA call, the length of the output arguments behind the unchecked pointer is updated in mailbox_direct_reply, regardless of the call result. This allows an attacker to write anywhere in the secure firmware, which can be used to take over the control flow, leading to remote code execution (RCE). | 9.8 | - | - | - | |
CVE-2024-45698 | Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device. | 9.8 | Dlink | - | - | |
CVE-2024-45697 | Certain models of D-Link wireless routers have hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials. | 9.8 | Dlink | - | - | |
CVE-2024-45695 | The web service of certain models of D-Link wireless routers contains a stack-based buffer overflow vulnerability, which allows unauthenticated remote attackers to execute arbitrary code on the device. | 9.8 | Dlink | - | - | |
CVE-2024-45694 | The web service of certain models of D-Link wireless routers contains a stack-based buffer overflow vulnerability, which allows unauthenticated remote attackers to execute arbitrary code on the device. | 9.8 | Dlink | - | - | |
CVE-2024-45682 | There is a command injection vulnerability that may allow an attacker to inject malicious input into the device's operating system. | 9.8 | - | - | - | |
CVE-2024-45656 | IBM Flexible Service Processor (FSP) FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10 has static credentials which may allow network users to gain service privileges on the FSP. | 9.8 | - | - | - | |
CVE-2024-45623 | D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 9.8 | Dlink | - | - | |
CVE-2024-45622 | ASIS (aka Aplikasi Sistem Sekolah using CodeIgniter 3) 3.0.0 through 3.2.0 allows index.php username SQL injection for authentication bypass. | 9.8 | Codeigniter | - | - | |
CVE-2024-4560 | The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible. | 9.8 | Wordpress, et al | - | - | |
CVE-2024-45595 | D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. Users should upgrade to version 3.14.1, where the "Custom Filter" input is turned off by default. | 9.8 | Man | - | Patched | |
CVE-2024-45523 | An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. An unauthenticated attacker can cause a resource leak by issuing multiple failed login attempts through the SOAP API. | 9.1 | Oracle | - | - | |
CVE-2024-45522 | Linen before cd37c3e does not verify that the domain is linen.dev or www.linen.dev when resetting a password. This occurs in create in apps/web/pages/api/forgot-password/index.ts. | 9.8 | - | - | Patched | |
CVE-2024-4552 | The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification of the user being supplied during the social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | 9.8 | Wordpress | - | - | |
CVE-2024-45519 | The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. | 9.8 | Zimbra | Exploit | Patched | |
CVE-2024-45508 | HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. | 9.8 | Htmldoc project | Exploit | Patched | |
CVE-2024-45507 | Server-Side Request Forgery (SSRF) and Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. | 9.8 | Apache | Exploit | Patched | |
CVE-2024-45496 | A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container. | 9.9 | Redhat | - | Patched | |
CVE-2024-45492 | An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | 9.8 | Libexpat, et al | - | Patched | |
CVE-2024-45491 | An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | 9.8 | Libexpat, et al | - | Patched | |
CVE-2024-45489 | Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however, it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and runs arbitrary JavaScript in that browser in a privileged context. | 9.8 | Mozilla | - | - | |
CVE-2024-45488 | One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or Hyper-V). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2. | 9.8 | Oneidentity, et al | - | - | |
CVE-2024-4548 | An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. | 9.8 | Deltaww | - | - | |
CVE-2024-4547 | An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateScript' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field. | 9.8 | Deltaww | - | - | |
CVE-2024-45443 | Directory traversal vulnerability in the cust module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 9.1 | Huawei, et al | - | Patched | |
CVE-2024-4544 | The Pie Register - Social Sites Login (Add on) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.7. This is due to insufficient verification of the user being supplied during a social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | 9.8 | Wordpress, et al | - | - | |
CVE-2024-45435 | Chartist 1.x through 1.3.0 allows prototype pollution via the extend function. | 9.8 | Chartist | Exploit | - | |
CVE-2024-45415 | The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the check_data_integrity function. This function is responsible for validating the checksum of data in a POST request. The checksum is sent encrypted in the request; the function decrypts it and stores the checksum on the stack without validating it. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. | 9.8 | - | - | - | |
CVE-2024-45414 | The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the webPrivateDecrypt function. This function is responsible for decrypting RSA-encrypted ciphertext; the encrypted data is supplied base64-encoded. The decoded ciphertext is stored on the stack without checking its length. An unauthenticated attacker can get RCE as root by exploiting this vulnerability. | 9.8 | - | - | - | |
CVE-2024-45409 | The Ruby SAML library is for implementing the client side of SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any SAML document signed by the IdP can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as an arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3. | 9.8 | Omniauth, et al | - | Patched | |
CVE-2024-45402 | Picotls is a TLS protocol library that allows users to select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occurs during the disposal of multiple objects without any intervening calls to malloc. Typically, this triggers the malloc implementation to detect the error and abort the process. However, depending on the internals of malloc and the crypto backend being used, the flaw could potentially lead to a use-after-free scenario, which might allow for arbitrary code execution. The vulnerability is addressed with commit 9b88159ce763d680e4a13b6e8f3171ae923a535d. | 9.8 | H2o, et al | - | Patched | |
CVE-2024-45390 | It is possible to inject and run code within the template if the attacker has access to write the template name: `const { template } = require('@blakeembrey/template'); template("Hello {{name}}!", "exploit() {} && ((()=>{ console.log('success'); })()) && function pwned");` | 9.8 | - | - | Patched | |
CVE-2024-45367 | The web server for the ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password. | 9.1 | Elektrobit | - | - | |
CVE-2024-45321 | The App::cpanminus package through 1.7047 for Perl downloads code via insecure HTTP, enabling code execution for network attackers. | 9.8 | Perl | Exploit | Patched | |
CVE-2024-45307 | SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and abuse of the `-config` command in versions prior to 9.26.7. Anyone is theoretically able to update any configuration of the bot and potentially gain control over the bot's settings. Every version of v9 before v9.26.7 is affected; other versions (e.g. v8) are not affected. Users should upgrade to version 9.26.7 to receive a patch. A workaround is to create a command permission overwrite in the database: the SQL statement provided in the GitHub Security Advisory can be executed to create an overwrite that disallows users without the `ManageGuild` permission from running the `-config` command. Run the SQL statement for every server the bot is in, replacing `<guild_id>` with the appropriate Guild ID each time. | 9.8 | Github, et al | - | Patched | |
CVE-2024-45275 | The devices contain two hard-coded user accounts with hard-coded passwords that allow an unauthenticated remote attacker full control of the affected devices. | 9.8 | Helmholz, et al | - | - | |
CVE-2024-45274 | An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. | 9.8 | Helmholz, et al | - | - | |
CVE-2024-45265 | A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter. | 9.8 | - | Exploit | - | |
CVE-2024-45258 | The req library is a widely used HTTP library in Go. However, it does not handle malformed URLs effectively. As a result, after parsing a malformed URL, the library may send HTTP requests to unexpected destinations, potentially leading to security vulnerabilities or unintended behavior in applications relying on this library for handling HTTP requests. Even where developers use the net/url library to parse malformed URLs and implement blocklists to prevent HTTP requests to listed URLs, inconsistencies exist between how the net/url and req libraries parse URLs. These discrepancies can lead to the failure of defensive strategies, resulting in potential security threats such as Server-Side Request Forgery (SSRF) and Remote Code Execution (RCE). | 9.8 | Apache | - | Patched | |
CVE-2024-45256 | An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py. | 9.8 | - | Exploit | - | |
CVE-2024-45252 | Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 9.8 | Elsight | - | - | |
CVE-2024-45251 | Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 9.8 | Elsight | - | - | |
CVE-2024-45249 | Cavok – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 9.8 | - | - | - | |
CVE-2024-45237 | An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without properly sanitizing its length, leading to a buffer overflow. | 9.8 | Nicmx | - | Patched | |
CVE-2024-45233 | An issue was discovered in the powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can be called directly, due to missing or insufficiently implemented access checks, resulting in broken access control. Depending on the configuration of the Powermail Frontend plugins, an unauthenticated attacker can exploit this to edit, update, delete, or export data of persisted forms. This can only be exploited when the Powermail Frontend plugins are used. The fixed versions are 7.5.0, 8.5.0, 10.9.0, and 12.4.0. | 9.8 | Typo3, et al | - | Patched | |
CVE-2024-45216 | Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to authentication bypass. A fake ending at the end of any Solr API URL path will allow requests to skip authentication while maintaining the API contract with the original URL path. This fake ending looks like an unprotected API path; however, it is stripped off internally after authentication but before API routing. This issue affects Apache Solr from 5.3.0 before 8.11.4 and from 9.0.0 before 9.7.0. Users are recommended to upgrade to version 9.7.0 or 8.11.4, which fix the issue. | 9.8 | Apache | - | Patched | |
CVE-2024-45186 | FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials. | 9.8 | Simplesamlphp | - | - | |
CVE-2024-45169 | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution via the \xB0\x00\x3c byte sequence. | 9.8 | Apache | - | - | |
CVE-2024-45168 | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred over a raw socket without any authentication mechanism. Thus, communication endpoints are not verifiable. | 9.1 | - | - | - | |
CVE-2024-45167 | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. A certain XmlMessage document causes 100% CPU consumption. | 9.8 | - | - | - | |
CVE-2024-45166 | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. There is an access violation and EIP overwrite after five logins. | 9.8 | - | - | - | |
CVE-2024-45163 | The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data. | 9.1 | Cisco | - | - | |
CVE-2024-45160 | Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret). | 9.1 | - | - | - | |
CVE-2024-45159 | An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in its keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert). | 9.8 | Arm | - | Patched | |
CVE-2024-45158 | An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.) | 9.8 | Arm | - | - | |
CVE-2024-45115 | Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction. | 9.8 | Adobe | - | Patched | |
CVE-2024-45076 | IBM webMethods Integration 10.15 could allow an authenticated user to upload and execute arbitrary files, which could be executed on the underlying operating system. | 9.9 | Ibm | - | Patched | |
CVE-2024-45066 | A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | 9.8 | Doverfuelingsolutions | - | - | |
CVE-2024-44921 | SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del. | 9.8 | Seacms | Exploit | - | |
CVE-2024-44902 | A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. | 9.8 | Thinkphp | Exploit | Patched | |
CVE-2024-44893 | An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attackers to escalate privileges via a crafted GET request. | 9.8 | Jeecg | - | - | |
CVE-2024-44849 | Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via arbitrary file upload in checkAcesso.php. | 9.8 | - | Exploit | - | |
CVE-2024-44839 | RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php. | 9.8 | Openrapid | - | - | |
CVE-2024-44838 | RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php. | 9.8 | Openrapid | - | - | |