Total
1618 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47406 | 2 Sharp, Toshibatec | 643 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 640 more | 2024-11-05 | 9.1 Critical |
| Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability. | ||||
| CVE-2024-6582 | 2 Lunary, Lunary-ai | 2 Lunary, Lunary-ai\/lunary | 2024-11-03 | 4.3 Medium |
| A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view the SSO metadata of another organization. This vulnerability can lead to unauthorized access and potential account takeover if the email of a user in the target organization is known. | ||||
| CVE-2024-9430 | 1 Wpcloudtechnologies | 1 Get A Quote For Woocommerce | 2024-11-01 | 5.3 Medium |
| The Get Quote For Woocommerce – Request A Quote For Woocommerce plugin for WordPress is vulnerable to unauthorized access of Quote data due to a missing capability check on the ct_tepfw_wp_loaded function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to download Quote PDF and CSV documents. | ||||
| CVE-2024-50488 | 2 Priyabrata Sarkar, Priyabratasarkar | 2 Token Login, Token Login | 2024-10-31 | 8.8 High |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Priyabrata Sarkar Token Login allows Authentication Bypass.This issue affects Token Login: from n/a through 1.0.3. | ||||
| CVE-2024-50477 | 2 Stacks, Stacksmarket | 2 Stacks Mobile App Builder, Stacks Mobile App Builder | 2024-10-31 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3. | ||||
| CVE-2024-50487 | 1 Maantheme | 1 Maanstore Api | 2024-10-31 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in MaanTheme MaanStore API allows Authentication Bypass.This issue affects MaanStore API: from n/a through 1.0.1. | ||||
| CVE-2024-50489 | 2 Realty Workstation, Realtyworkstation | 2 Realty Workstation, Realty Workstation | 2024-10-31 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Realty Workstation allows Authentication Bypass.This issue affects Realty Workstation: from n/a through 1.0.45. | ||||
| CVE-2022-23862 | 1 Ysoft | 1 Safeq | 2024-10-30 | 8.4 High |
| A Local Privilege Escalation issue was discovered in Y Soft SAFEQ 6 Build 53. The SafeQ JMX service running on port 9696 is vulnerable to JMX MLet attacks. Because the service did not enforce authentication and was running under the "NT Authority\System" user, an attacker is able to use the vulnerability to execute arbitrary code and elevate to the system user. | ||||
| CVE-2024-47902 | 1 Siemens | 4 Intermesh 7177 Hybrid2.0 Subscriber, Intermesh 7177 Hybrid 2.0 Subscriber, Intermesh 7707 Fire Subscriber and 1 more | 2024-10-30 | 7.2 High |
| A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber (All versions < V7.2.12 only if the IP interface is enabled (which is not the default configuration)). The web server of affected devices does not authenticate GET requests that execute specific commands (such as `ping`) on operating system level. | ||||
| CVE-2024-50486 | 1 Acnoo | 2 Acnoo Flutter Api, Flutter Api | 2024-10-29 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a through 1.0.5. | ||||
| CVE-2024-42017 | 2024-10-29 | 10 Critical | ||
| An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication. | ||||
| CVE-2024-10002 | 1 Roveridx | 1 Rover Idx | 2024-10-25 | 8.8 High |
| The Rover IDX plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.0.2905. This is due to insufficient validation and capability check on the 'rover_idx_refresh_social_callback' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to log in to administrator. The vulnerability is partially patched in version 3.0.0.2905 and fully patched in version 3.0.0.2906. | ||||
| CVE-2024-48442 | 1 Tuoshi | 1 5g Cpe Router Nr500-ea Firmware | 2024-10-25 | 6.5 Medium |
| Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication. | ||||
| CVE-2024-26519 | 1 Casa Systems | 1 Ntc-221 Firmware | 2024-10-23 | 9 Critical |
| An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component. | ||||
| CVE-2024-49328 | 2 Vivek Tamrakar, Vivektamrakar | 2 Wp Rest Api Fns, Wp Rest Api Fns | 2024-10-23 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0. | ||||
| CVE-2024-49604 | 2 Najeeb Ahmad, Najeebmedia | 2 Simple User Registration, Simple User Registration | 2024-10-23 | 9.8 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5. | ||||
| CVE-2024-21272 | 1 Oracle | 2 Mysql, Mysql Connector\/python | 2024-10-21 | 7.5 High |
| Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2024-39300 | 1 Elecom | 2 Wab-i1750-ps, Wab-i1750-ps Firmware | 2024-10-21 | 8.1 High |
| Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings. | ||||
| CVE-2024-48920 | 1 Putongoj | 1 Putongoj | 2024-10-18 | 9.1 Critical |
| PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually. | ||||
| CVE-2024-49399 | 1 Elvaco | 1 Cme3100 Firmware | 2024-10-18 | N/A |
| The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information. | ||||