Total
1434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48442 | 2024-10-25 | N/A | 6.5 MEDIUM | ||
| Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication. | |||||
| CVE-2024-26519 | 2024-10-23 | N/A | 9.0 CRITICAL | ||
| An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component. | |||||
| CVE-2024-49328 | 1 Vivektamrakar | 1 Wp Rest Api Fns | 2024-10-23 | N/A | 9.8 CRITICAL |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST API FNS allows Authentication Bypass.This issue affects WP REST API FNS: from n/a through 1.0.0. | |||||
| CVE-2024-49604 | 1 Najeebmedia | 1 Simple User Registration | 2024-10-23 | N/A | 9.8 CRITICAL |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a through 5.5. | |||||
| CVE-2024-47912 | 2024-10-23 | N/A | 8.2 HIGH | ||
| A vulnerability in the AWV (Audio, Web, and Video) Conferencing component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to perform unauthorized data-access attacks due to missing authentication mechanisms. A successful exploit could allow an attacker to access and delete sensitive information. | |||||
| CVE-2024-40091 | 2024-10-23 | N/A | 5.3 MEDIUM | ||
| Vilo 5 Mesh WiFi System <= 5.16.1.33 lacks authentication in the Boa webserver, which allows remote, unauthenticated attackers to retrieve logs with sensitive system. | |||||
| CVE-2024-40087 | 2024-10-23 | N/A | 9.6 CRITICAL | ||
| Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router. | |||||
| CVE-2024-43488 | 1 Microsoft | 1 Visual Studio Code | 2024-10-21 | N/A | 9.8 CRITICAL |
| Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector. | |||||
| CVE-2024-21272 | 1 Oracle | 1 Mysql | 2024-10-21 | N/A | 7.5 HIGH |
| Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.0.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2024-49399 | 2024-10-18 | N/A | N/A | ||
| The affected product is vulnerable to an attacker being able to use commands without providing a password which may allow an attacker to leak information. | |||||
| CVE-2024-48920 | 2024-10-18 | N/A | 9.1 CRITICAL | ||
| PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This problem has been fixed in v2.1.0.beta.1. As a workaround, one may apply the patch from commit `211dfe9` manually. | |||||
| CVE-2024-47130 | 1 Gotenna | 1 Gotenna Pro | 2024-10-17 | N/A | 6.5 MEDIUM |
| The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. It is advised to update your app to the current release for enhanced encryption protocols. | |||||
| CVE-2024-9984 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | N/A | 9.8 CRITICAL |
| Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated remote attackers to use this functionality to obtain any user's session cookie. | |||||
| CVE-2024-5749 | 2024-10-16 | N/A | 7.5 HIGH | ||
| Certain HP DesignJet products may be vulnerable to credential reflection which allow viewing SMTP server credentials. | |||||
| CVE-2023-22650 | 2024-10-16 | N/A | 8.8 HIGH | ||
| A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave the user’s tokens still usable. | |||||
| CVE-2024-48771 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process | |||||
| CVE-2024-48768 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process | |||||
| CVE-2024-48776 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process | |||||
| CVE-2024-48775 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. | |||||
| CVE-2024-48773 | 2024-10-15 | N/A | 7.5 HIGH | ||
| An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process | |||||