Total
24574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20700 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2024-07-24 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2024-39685 | 2024-07-24 | N/A | 9.8 CRITICAL | ||
| Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the resample function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier. | |||||
| CVE-2024-26020 | 2024-07-24 | N/A | 9.6 CRITICAL | ||
| An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability. | |||||
| CVE-2024-21552 | 2024-07-24 | N/A | 9.8 CRITICAL | ||
| All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server. | |||||
| CVE-2024-37998 | 2024-07-24 | N/A | 9.8 CRITICAL | ||
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications. | |||||
| CVE-2024-39686 | 2024-07-24 | N/A | 9.8 CRITICAL | ||
| Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the data_dir variable is used directly in a command executed with subprocess.run(cmd, shell=True) in the bert_gen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier. | |||||
| CVE-2024-6806 | 2024-07-24 | N/A | 9.8 CRITICAL | ||
| The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. These missing checks may result in remote code execution. This affects NI VeriStand 2024 Q2 and prior versions. | |||||
| CVE-2024-6793 | 2024-07-24 | N/A | 9.8 CRITICAL | ||
| A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions. | |||||
| CVE-2024-6794 | 2024-07-24 | N/A | 9.8 CRITICAL | ||
| A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions. | |||||
| CVE-2024-5983 | 1 Itsourcecode | 1 Online Book Store Project | 2024-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file bookPerPub.php. The manipulation of the argument pubid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268459. | |||||
| CVE-2024-5984 | 1 Online Book Store Project Project | 1 Online Book Store Project | 2024-07-24 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268460. | |||||
| CVE-2018-10682 | 1 Wildfly | 1 Wildfly | 2024-07-23 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default (auto-deployment) permits an anonymous user to deploy a malicious .war file, leading to remote code execution. NOTE: the vendor indicates that anonymous access is not available in the default installation; however, it remains optional because there are several use cases for it, including development environments and network architectures that have a proxy server for access control to the WildFly server | |||||
| CVE-2024-5328 | 1 Lunary | 1 Lunary | 2024-07-23 | N/A | 9.3 CRITICAL |
| A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs before using them in server-side requests. An attacker can exploit this vulnerability by sending a specially crafted request to the affected endpoint, allowing them to make unauthorized requests to internal or external resources. This could lead to the disclosure of sensitive information, service disruption, or further attacks against the network infrastructure. The issue affects the latest version of the application as of the report. | |||||
| CVE-2022-48317 | 1 Checkmk | 1 Checkmk | 2024-07-23 | N/A | 9.8 CRITICAL |
| Expired sessions were not securely terminated in the RestAPI for Tribe29's Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI. | |||||
| CVE-2024-5171 | 1 Aomedia | 1 Libaom | 2024-07-23 | N/A | 9.8 CRITICAL |
| Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_wrap() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. * Calling aom_img_alloc_with_border() with a large value of the d_w, d_h, align, size_align, or border parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned aom_image_t struct may be invalid. | |||||
| CVE-2024-4898 | 1 Instawp | 1 Instawp Connect | 2024-07-23 | N/A | 9.8 CRITICAL |
| The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible for unauthenticated attackers to connect the site to InstaWP API, edit arbitrary site options and create administrator accounts. | |||||
| CVE-2023-29824 | 1 Scipy | 1 Scipy | 2024-07-22 | N/A | 9.8 CRITICAL |
| A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue. | |||||
| CVE-2024-30534 | 1 Typps | 1 Calendarista | 2024-07-22 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.5. | |||||
| CVE-2024-30538 | 1 Delucks | 1 Delucks Seo | 2024-07-22 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO.This issue affects DELUCKS SEO: from n/a through 2.5.4. | |||||
| CVE-2024-30539 | 1 Getawesomesupport | 1 Awesome Support | 2024-07-22 | N/A | 9.8 CRITICAL |
| Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.7. | |||||