Total
345064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43497 | 1 Microsoft | 1 Deepspeed | 2024-10-17 | N/A | 7.8 HIGH |
| DeepSpeed Remote Code Execution Vulnerability | |||||
| CVE-2024-43480 | 2 Linux, Microsoft | 2 Linux Kernel, Azure Service Fabric | 2024-10-17 | N/A | 6.6 MEDIUM |
| Azure Service Fabric for Linux Remote Code Execution Vulnerability | |||||
| CVE-2024-48911 | 1 Thinkst | 1 Opencanary | 2024-10-17 | N/A | 7.8 HIGH |
| OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it’s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue. | |||||
| CVE-2024-9687 | 1 Dueclic | 1 Wp 2fa With Telegram | 2024-10-17 | N/A | 8.8 HIGH |
| The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. This is due to insufficient validation of the user-controlled key on the 'validate_tg' action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in as any existing user on the site, such as an administrator. | |||||
| CVE-2024-6757 | 1 Elementor | 1 Website Builder | 2024-10-17 | N/A | 4.3 MEDIUM |
| The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract either excerpt data or titles of private or password-protected posts. | |||||
| CVE-2024-43501 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-17 | N/A | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-30117 | 1 Hcltech | 1 Bigfix Platform | 2024-10-17 | N/A | 5.3 MEDIUM |
| A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances. | |||||
| CVE-2024-43500 | 1 Microsoft | 4 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 1 more | 2024-10-17 | N/A | 5.5 MEDIUM |
| Windows Resilient File System (ReFS) Information Disclosure Vulnerability | |||||
| CVE-2024-43502 | 1 Microsoft | 4 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 1 more | 2024-10-17 | N/A | 7.1 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-9895 | 1 Zaytech | 1 Smart Online Order For Clover | 2024-10-17 | N/A | 5.4 MEDIUM |
| The Smart Online Order for Clover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's moo_receipt_link shortcode in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-9944 | 1 Woocommerce | 1 Woocommerce | 2024-10-17 | N/A | 6.1 MEDIUM |
| The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions. | |||||
| CVE-2024-21535 | 1 Quantizor | 1 Markdown-to-jsx | 2024-10-17 | N/A | 6.1 MEDIUM |
| Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown. | |||||
| CVE-2024-9971 | 1 Newtype | 1 Flowmaster Bpm Plus | 2024-10-17 | N/A | 8.8 HIGH |
| The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents. | |||||
| CVE-2024-9970 | 1 Newtype | 1 Flowmaster Bpm Plus | 2024-10-17 | N/A | 8.8 HIGH |
| The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie. | |||||
| CVE-2024-43503 | 1 Microsoft | 1 Sharepoint Server | 2024-10-17 | N/A | 7.8 HIGH |
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||
| CVE-2024-43506 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-17 | N/A | 7.5 HIGH |
| BranchCache Denial of Service Vulnerability | |||||
| CVE-2024-43508 | 1 Microsoft | 4 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 1 more | 2024-10-17 | N/A | 5.5 MEDIUM |
| Windows Graphics Component Information Disclosure Vulnerability | |||||
| CVE-2024-43509 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-17 | N/A | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2024-43511 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-10-17 | N/A | 7.0 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-45710 | 1 Solarwinds | 1 Solarwinds Platform | 2024-10-17 | N/A | 7.8 HIGH |
| SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low privilege account and local access to the affected node machine. | |||||