CVE-2024-8235 : RED HAT ENTERPRISE LINUX 6/7/8/9 LIBVIRT NULL POINTER DEREFERENCE
Description A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs
CVE-2024-44944 : LINUX KERNEL UP TO 6.10.2 CTNETLINK NF_EXPECT_GET_ID PRIVILEGE ESCALATION
Description In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID
CVE-2024-45488 : ONE IDENTITY SAFEGUARD FOR PRIVILEGED PASSWORDS UP TO 7.0.5.0/7.4.1/7.5.1 COOKIE IMPROPER AUTHORIZATION
Description One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This
CVE-2024-5879 : HUBSPOT PLUGIN UP TO 11.1.22 ON WORDPRESS HUBSPOT MEETING WIDGET CROSS SITE SCRIPTING
Description The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site
CVE-2024-43931 : EYECIX JOBSEARCH PLUGIN UP TO 2.5.3 ON WORDPRESS DESERIALIZATION
Description Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3. References
CVE-2024-8255 : DELTA ELECTRONICS DTN SOFT UP TO 2.0.1 DESERIALIZATION
Description Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a
CVE-2024-5991 : WOLFSSL UP TO 5.7.0 MATCHDOMAINNAME OUT-OF-BOUNDS
Description In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.
CVE-2024-45037 : AWS AWS-CDK UP TO 2.148.0 AUTHORIZATION
Description The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it
CVE-2024-41622 : D-LINK DIR-846W A1 FW100A43 /HNAP1/ TOMOGRAPHY_PING_ADDRESS OS COMMAND INJECTION
Description D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in
CVE-2024-43414 : APOLLOGRAPHQL FEDERATION UP TO 1.52.0/2.8.4 RECURSION
Description Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice
CVE-2024-43117 : WPMU DEV HUMMINGBIRD PLUGIN UP TO 3.9.1 ON WORDPRESS CROSS-SITE REQUEST FORGERY
Description Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1. References https://patchstack.com/database/vulnerability/hummingbird-performance/wordpress-hummingbird-plugin-3-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve For
CVE-2024-7125 : HITACHI OPS CENTER COMMON SERVICES 10.9.3-00/11.0.2-00 AUTHENTICATION BYPASS
Description Authentication Bypass vulnerability in Hitachi Ops Center Common Services.This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before
CVE-2024-8088 : PYTHON CPYTHON UP TO 3.13.0 ZIPFILE MODULE NAMELIST/ITERDIR/EXTRACTALL INFINITE LOOP
Description There is a HIGH severity vulnerability affecting the CPython “zipfile” module. When iterating over names of entries in a
CVE-2024-42490 : GOAUTHENTIK API ENDPOINT IMPROPER AUTHORIZATION
Description authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main
CVE-2024-8041 : GITLAB COMMUNITY EDITION/ENTERPRISE EDITION UP TO 17.1.5/17.2.3/17.3.0 IMPORT RESOURCE CONSUMPTION
Description A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2
CVE-2023-6452 : FORCEPOINT WEB SECURITY UP TO 8.5.5 TRANSACTION VIEWER CROSS SITE SCRIPTING
Description Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored
CVE-2024-36445 : SWISSPHONE DICAL-RED 4009 TELNET SERVICE IMPROPER AUTHENTICATION
Description Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication. References https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-035.txt
CVE-2024-42497 : MATTERMOST UP TO 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 SYSTEMS MANAGER ROLE ACCESS CONTROL
Description Mattermost versions 9.9.x
CVE-2024-8080 : SOURCECODESTER ONLINE HEALTH CARE SYSTEM 1.0 SEARCH.PHP F_NAME SQL INJECTION
Description A vulnerability classified as critical has been found in SourceCodester Online Health Care System 1.0. Affected is an unknown
CVE-2024-28987 : SOLARWINDS WEB HELP DESK UP TO 12.8.3 HOTFIX 1 HARD-CODED CREDENTIALS
Description The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to
CVE-2024-39576 : DELL POWER MANAGER UP TO 3.15.0 PRIVILEGES ASSIGNMENT
Description Dell Power Manager (DPM), versions 3.15.0 and prior, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with
CVE-2024-20375 : CISCO UNIFIED COMMUNICATIONS MANAGER UP TO 15 SIP OUT-OF-BOUNDS WRITE
Description A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications
CVE-2024-7384 : ACYBA ACYMAILING PLUGIN UP TO 9.7.2 ON WORDPRESS ACYM_EXTRACTARCHIVE UNRESTRICTED UPLOAD
Description The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to
CVE-2024-21690 : ATLASSIAN CONFLUENCE DATA CENTER/CONFLUENCE SERVER UP TO 8.9.5 CROSS-SITE REQUEST FORGERY
Description This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0,