Total
314383 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-51672 | 1 Wpdeveloper | 1 Betterlinks | 2024-11-06 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPDeveloper BetterLinks allows SQL Injection.This issue affects BetterLinks: from n/a through 2.1.7. | |||||
| CVE-2024-51665 | 1 Wpthemespace | 1 Magical Addons For Elementor | 2024-11-06 | N/A | 4.3 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor allows Server Side Request Forgery.This issue affects Magical Addons For Elementor: from n/a through 1.2.1. | |||||
| CVE-2024-51408 | 1 Appsmith | 1 Appsmith | 2024-11-06 | N/A | 6.5 MEDIUM |
| AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve AWS metadata credentials. | |||||
| CVE-2024-10122 | 1 Topdata | 1 Inner Rep Plus | 2024-11-06 | 3.3 LOW | 4.9 MEDIUM |
| A vulnerability was found in Topdata Inner Rep Plus WebServer 2.01. It has been classified as problematic. Affected is an unknown function of the file /InnerRepPlus.html of the component Operator Details Form. The manipulation leads to missing password field masking. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-49223 | 1 Shibulijack | 1 Cj Change Howdy | 2024-11-06 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.K.A CyberJack CJ Change Howdy allows Stored XSS.This issue affects CJ Change Howdy: from n/a through 3.3.1. | |||||
| CVE-2024-49221 | 1 Julianweinert | 1 Cslider | 2024-11-06 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m cSlider allows Stored XSS.This issue affects cSlider: from n/a through 2.4.2. | |||||
| CVE-2024-49217 | 1 Madirisalmanaashish | 1 Adding Drop Down Roles In Registration | 2024-11-06 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1. | |||||
| CVE-2024-49219 | 1 Themexpo | 1 Rs-members | 2024-11-06 | N/A | 8.8 HIGH |
| Incorrect Privilege Assignment vulnerability in themexpo RS-Members allows Privilege Escalation.This issue affects RS-Members: from n/a through 1.0.3. | |||||
| CVE-2024-49220 | 1 Cookie-scanner | 1 Cookie Scanner | 2024-11-06 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Cookie Scanner – Nikel Schubert Cookie Scanner allows Stored XSS.This issue affects Cookie Scanner: from n/a through 1.1. | |||||
| CVE-2024-49229 | 1 Arifnezami | 1 Better Author Bio | 2024-11-06 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Arif Nezami Better Author Bio allows Cross-Site Scripting (XSS).This issue affects Better Author Bio: from n/a through 2.7.10.11. | |||||
| CVE-2024-31880 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-11-06 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. | |||||
| CVE-2024-51362 | 2024-11-06 | N/A | 6.5 MEDIUM | ||
| The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security. No credentials or special permissions are required, and access can be gained remotely over the network. | |||||
| CVE-2024-51240 | 2024-11-06 | N/A | 8.0 HIGH | ||
| An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package | |||||
| CVE-2024-51132 | 2024-11-06 | N/A | 9.8 CRITICAL | ||
| An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities. | |||||
| CVE-2024-42018 | 2024-11-06 | N/A | 7.7 HIGH | ||
| An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and confidentiality may be important to the security of the HPC configuration. Because these parameters are needed for initialization, there is no available mechanism to ensure access control on the management node, and a mitigation measure is normally put in place to prevent access to unprivileged users. It was discovered that this mitigation measure does not survive a reboot of diskful nodes. (Diskless nodes are not at risk.) The mistake lies in the cloudinit configuration: the iptables configuration should have been in the bootcmd instead of the runcmd section. | |||||
| CVE-2024-39339 | 2024-11-06 | N/A | 7.5 HIGH | ||
| A vulnerability has been discovered in all versions of Smartplay headunits, which are widely used in Suzuki and Toyota cars. This misconfiguration can lead to information disclosure, leaking sensitive details such as diagnostic log traces, system logs, headunit passwords, and personally identifiable information (PII). The exposure of such information may have serious implications for user privacy and system integrity. | |||||
| CVE-2024-49237 | 1 Ahmetimamoglu | 1 Ahmeti Wp Timeline | 2024-11-06 | N/A | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Ahmet Imamoglu Ahmeti Wp Timeline allows Stored XSS.This issue affects Ahmeti Wp Timeline: from n/a through 5.1. | |||||
| CVE-2024-51685 | 1 Migaweb | 1 Accordion Title For Elementor | 2024-11-06 | N/A | 4.8 MEDIUM |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Gangolf Accordion title for Elementor allows Stored XSS.This issue affects Accordion title for Elementor: from n/a through 1.2.1. | |||||
| CVE-2024-48809 | 1 Aetherproject | 2 Onos-a1t, Sdran-in-a-box | 2024-11-06 | N/A | 7.5 HIGH |
| An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of the sdran-in-a-box, specifically the DeleteWatcher function. | |||||
| CVE-2024-51136 | 1 Openimaj | 1 Openimaj | 2024-11-06 | N/A | 9.8 CRITICAL |
| An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file. | |||||