CVE-2024-49770 : OAK UP TO 17.1.2 API CONTEXT.SEND PATH TRAVERSAL
Description `oak` is a middleware framework for Deno’s native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and
CVE-2024-41738 : IBM TXSERIES FOR MULTIPLATFORMS 10.1 QUERY STRING GET REQUEST METHOD WITH SENSITIVE QUERY STRINGS
Description IBM TXSeries for Multiplatforms 10.1 could allow an attacker to obtain sensitive information from the query string of an
CVE-2024-51377 : LADYBIRD WEB SOLUTION FAVEO HELPDESK & SERVICEDESK ON-PREMISE 9.2.0 SUBJECT/IDENTIFIER PRIVILEGE ESCALATION
Description An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to
CVE-2024-9632 : X.ORG X SERVER UP TO 21.1.13 BITMAP_XKBSETCOMPATMAP SYM_INTERPRET HEAP-BASED OVERFLOW
Description A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker
CVE-2024-51568 : PSAUX CYBERPANEL UP TO 2.3.4 FILE MANAGER /FILEMANAGER/UPLOAD PROCESSUTILITIES.OUTPUTEXECUTIONER OS COMMAND INJECTION
Description CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka
CVE-2024-8923 : SERVICENOW NOW PLATFORM IMPROPER AUTHENTICATION
Description ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an
CVE-2024-49768 : PYLONS WAITRESS UP TO 3.0.0 ON PYTHON HTTP PIPELINING RECV_BYTES TOCTOU
Description Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a
CVE-2024-6674 : PARISNEO LOLLMS-WEBUI UP TO 9.8 PRIVATE API KEY ORIGIN VALIDATION
Description A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser
CVE-2024-47821 : PYLOAD UP TO 0.5.0B3.DEV86/ .PYLOAD/SCRIPTS OS COMMAND INJECTION
Description pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions
CVE-2024-48581 : SOURCECODESTER BEST COURIER MANAGEMENT SYSTEM 1.0 ADMIN_CLASS.PHP UNRESTRICTED UPLOAD
Description File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code
CVE-2024-20329 : CISCO ASA UP TO 9.19.1.18 EXPRESSION/COMMAND DELIMITERS
Description A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker
CVE-2024-47575 : FONTINET FORTIMANAGER UP TO 7.6.0 REQUEST MISSING AUTHENTICATION
Description A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0
CVE-2024-47901 : SIEMENS INTERMESH 7177 HYBRID 2.0 SUBSCRIBER PRIOR 8.2.12 WEB SERVER OS COMMAND INJECTION
Description A vulnerability has been identified in InterMesh 7177 Hybrid 2.0 Subscriber (All versions < V8.2.12), InterMesh 7707 Fire Subscriber
CVE-2024-50066 : LINUX KERNEL UP TO 6.6.57/6.11.4 MREMAP MEMORY CORRUPTION
Description In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race In mremap(), move_page_tables() looks at
CVE-2024-31880 : IBM DB2/DB2 CONNECT SERVER 10.5/11.1/11.5 SQL STATEMENT ALLOCATION OF RESOURCES
Description IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a
CVE-2024-48919 : GETCURSOR UP TO 0.41 INPUT VALIDATION
Description Cursor is a code editor built for programming with AI. Prior to Sep 27, 2024, if a user generated
CVE-2024-45335 : TREND MICRO ANTIVIRUS ONE UP TO 3.10.5 SCAN DETECTION PRIVILEGE ESCALATION
Description Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a
CVE-2024-45518 : SYNACOR ZIMBRA COLLABORATION SUITE HTTP REQUEST SERVER-SIDE REQUEST FORGERY
Description An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and
CVE-2024-9473 : PALO ALTO GLOBALPROTECT APP UP TO 5.1/6.1/6.2.4/6.3 ON WINDOWS REPAIR UNNECESSARY PRIVILEGES
Description A privilege escalation vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a locally authenticated non-administrative Windows
CVE-2024-9463 : PALO ALTO EXPEDITION UP TO 1.2.95 DEVICE CONFIGURATION OS COMMAND INJECTION
Description An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands
CVE-2024-47763 : BYTECODEALLIANCE WASMTIME UP TO 21.0.1/22.0.0/23.0.2/24.0.0/25.0.1 CONTROL FLOW
Description Wasmtime is an open source runtime for WebAssembly. Wasmtime’s implementation of WebAssembly tail calls combined with stack traces can
CVE-2024-46292 : OWASP MODSECURITY 3.0.12 INPUT NAME DENIAL OF SERVICE
Description A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input
CVE-2024-25825 : FYDEOS FOR PC EMPTY PASSWORD IN CONFIGURATION FILE
Description FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were
CVE-2024-8015 : PROGRESS TELERIK REPORTING UP TO 10.2.24.806 EXTERNALLY-CONTROLLED INPUT TO SELECT CLASSES OR CODE
Description In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through