CVE-2024-29847 : IVANTI EPM 2024/UP TO 2022 SU5 AGENT PORTAL DESERIALIZATION
Description Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update
CVE-2024-21529 : DSET UP TO 3.1.3 PROTOTYPE POLLUTION
Description Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user
CVE-2024-43690 : GALLAGHER COMMAND CENTRE SERVER INCLUSION OF FUNCTIONALITY FROM UNTRUSTED CONTROL SPHERE
Description Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to
CVE-2024-8503 : VICIDIAL 2.14-917A SQL INJECTION
Description An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial
CVE-2024-45409 : SAML-TOOLKITS RUBY-SAML UP TO 1.12.2/1.16.X SAML RESPONSE SIGNATURE VERIFICATION
Description The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in
CVE-2024-44107 : IVANTI WORKSPACE CONTROL UP TO 10.18.50.0 MANAGEMENT CONSOLE UNCONTROLLED SEARCH PATH
Description DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker
CVE-2024-45590 : EXPRESSJS BODY-PARSER UP TO 1.20.2 AMPLIFICATION
Description body-parser is Node.js body parsing middleware. body-parser
CVE-2024-8232 : ININET SOLUTIONS SPIDERCONTROL SCADA WEB SERVER UP TO 2.09 FILE UNRESTRICTED UPLOAD
Description SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without
CVE-2024-45593 : NIXOS NIX UP TO 2.24.5 NAR PATH TRAVERSAL
Description Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6
CVE-2024-31960 : SAMSUNG EXYNOS 1480/EXYNOS 2400 XCLIPSE AMDGPU DRIVER REFERENCE COUNT
Description An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference
CVE-2024-42423 : DELL WYSE PROPRIETARY OS 2311/2402 CITRIX WORKSPACE APP AUTHORIZATION
Description Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled
CVE-2024-6342 : ZYXEL NAS326/NAS542 UP TO 5.21 HTTP POST REQUEST OS COMMAND INJECTION
Description **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and
CVE-2024-8601 : TECHEXCEL SOFTWARE SOLUTIONS BACK OFFICE SOFTWARE 0.X API ENDPOINT AUTHORIZATION
Description This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain
CVE-2024-37288 : ELASTIC KIBANA 8.15.0 YAML PARSER DESERIALIZATION
Description A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document
CVE-2024-8584 : LEARNING DIGITAL ORCA HCM UP TO 10.X ACCESS CONTROL
Description Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to
CVE-2024-36138 : NODE.JS UP TO 18.20.3/20.15.0/22.4.0 ON WINDOWS INCOMPLETE FIX CVE-2024-27980 CHILD_PROCESS.SPAWN/CHILD_PROCESS.SPAWNSYNC COMMAND INJECTION
Description Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows
CVE-2024-40681 : IBM MQ OPERATOR 2.0.26/3.2.4 QUEUE MANAGER PRIVILEGES ASSIGNMENT
Description IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated user in a specifically defined role, to bypass security
CVE-2024-8567 : ITSOURCECODE PAYROLL MANAGEMENT SYSTEM 1.0 AJAX.PHP ID SQL INJECTION
Description A vulnerability, which was classified as critical, has been found in itsourcecode Payroll Management System 1.0. This issue affects
CVE-2024-8565 : SOURCECODESTERS CLINICS PATIENT MANAGEMENT SYSTEM 2.0 /PRINT_DISEASES.PHP DISEASE/FROM/TO SQL INJECTION
Description A vulnerability was found in SourceCodesters Clinics Patient Management System 2.0. It has been rated as critical. This issue
CVE-2024-8523 : LMXCMS UP TO 1.4 SQL COMMAND EXECUTION MODULE ADMIN.PHP FORMATDATA DATA CODE INJECTION
Description A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the
CVE-2024-25584 : OPEN-XCHANGE OX DOVECOT PRO UP TO 2.3.21 DATA COMMAND DATA AUTHENTICITY
Description Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be
What GDPR 2.0 Means For Businesses In 2024?
GDPR 2.0, the forthcoming update to the General Data Protection Regulation, is set to redefine data privacy and security standards
CVE-2024-8521 : WAVELOG UP TO 1.8.0 LIVE QSO /QSO INDEX MANUAL CROSS SITE SCRIPTING
Description A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index
CVE-2024-6445 : DATAFLOWX TECHNOLOGY DATADIODEX UP TO 3.4.X PATH TRAVERSAL
Description Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.