11652 matches found

NVD
added 2024/10/17 7:15 p.m. · 9 views

CVE-2024-7755

The EWON FLEXY 202 transmits credentials using a weak encoding method, base64. An attacker who is present in the network can sniff the traffic and decode the credentials...

8.2 CVSS · 0.00278 EPSS
Exploits 0 · References 1
Cvelist
added 2024/10/17 6:13 p.m. · 16 views

CVE-2024-7755 HMS Networks EWON FLEXY 202 Insufficiently Protected Credentials

The EWON FLEXY 202 transmits credentials using a weak encoding method, base64. An attacker who is present in the network can sniff the traffic and decode the credentials...

8.2 CVSS · 0.00278 EPSS
Exploits 0 · References 1
NVD
added 2024/10/16 9:15 p.m. · 15 views

CVE-2024-48180

ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code...

9.8 CVSS · 0.00594 EPSS
Exploits 0 · References 1
OSV
added 2024/10/16 5:15 p.m. · 4 views

CVE-2024-20280

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...

6.3 CVSS · 5.8 AI score · 0.00112 EPSS
Exploits 0 · References 1
Cvelist
added 2024/10/16 4:15 p.m. · 22 views

CVE-2024-20280 Cisco UCS Central Software Configuration Backup Static Key Vulnerability

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...

6.3 CVSS · 0.00112 EPSS
Exploits 0 · References 1
Cisco
added 2024/10/16 4:0 p.m. · 13 views

Cisco UCS Central Software Configuration Backup Information Disclosure Vulnerability

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...

6.3 CVSS · 6.2 AI score · 0.00112 EPSS
Exploits 0 · References 1
CVE
added 2024/10/16 12:0 a.m. · 51 views

CVE-2024-48180

CVE-2024-48180 affects ClassCMS versions ≤ 4.8. The issue is a file inclusion in the nowView method of /class/cms/cms.php, which can include a file uploaded to /class/template, allowing PHP code execution. Documented impact indicates high confidentiality, integrity, and availability impact with a...

9.8 CVSS · 7.4 AI score · 0.00594 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/10/16 12:0 a.m. · 14 views

CVE-2024-48180

ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code...

0.00594 EPSS
Exploits 0 · References 1
Debian CVE
added 2024/10/15 2:53 p.m. · 10 views

CVE-2024-47080

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions 9.11.0 through 34.7.0, the method MatrixClient.sendSharedHistoryKeys is vulnerable to interception by malicious homeservers. The method was introduced by MSC3061 and is commonly used to...

8.7 CVSS · 5.5 AI score · 0.00682 EPSS
Exploits 0
Amd
added 2024/10/14 12:0 a.m. · 17 views

Microarchitectural Cache Side-Channel Attacks

Bulletin ID: AMD-SB-7025. Potential Impact: N/A. Severity: N/A. Summary: Researchers from Azure® Research, Microsoft® have provided to AMD a paper titled “Principled Microarchitectural Isolation on Cloud CPUs.” In their paper, the researchers describe a potential side-channel vulnerability on AMD CPU...

7.1 AI score
Exploits 0
Positive Technologies
added 2024/10/12 12:0 a.m. · 7 views

PT-2024-10192 · Laravel · Laravel Pulse

Name of the Vulnerable Software and Affected Versions: Laravel Pulse versions prior to 1.3.1. Description: Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability exists in the public remember method within the...

9.3 CVSS · 7.5 AI score · 0.28571 EPSS
Exploits 3 · References 20
CNVD
added 2024/10/10 12:0 a.m. · 3 views

Siemens Simcenter Nastran Heap Buffer Overflow Vulnerability

Simcenter Nastran is a finite element method solver with computational performance, accuracy and reliability. A heap buffer overflow vulnerability exists in Siemens Simcenter Nastran, which can be exploited by an attacker to execute code in the context of the current process...

7.8 CVSS · 7.5 AI score · 0.00221 EPSS
Exploits 0 · References 1
CNVD
added 2024/10/10 12:0 a.m. · 3 views

Siemens Simcenter Nastran Memory Corruption Vulnerability

Simcenter Nastran is a finite element method solver with computational performance, accuracy and reliability. A memory corruption vulnerability exists in Siemens Simcenter Nastran, which can be exploited by an attacker to execute code in the context of the current process...

7.8 CVSS · 7.2 AI score · 0.00242 EPSS
Exploits 0 · References 1
OSV
added 2024/10/09 7:4 a.m. · 3 views

MAL-2024-9195 Malicious code in updated-script-rainbow-six-siege-renown-method-unlimited-undetected-updated-2023-aaseax (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1e38a8e46fd7a50a4aa74b0c1f46075a329295be810eb70a479185500004b03 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
Cvelist
added 2024/10/09 12:0 a.m. · 21 views

CVE-2024-25286

...

Exploits 1
Cvelist
added 2024/10/09 12:0 a.m. · 12 views

CVE-2024-25284

...

Exploits 1
CVE
added 2024/10/09 12:0 a.m. · 71 views

CVE-2024-25284

CVE-2024-25284 concerns RedSys 3DSecure 2.0, specifically the 3DS Authorization Method. The vulnerability is a reflected Cross‑Site Scripting (XSS) in the threeDSMethod.jsp endpoint, caused by lack of sanitization of the threeDSMethodData parameter. This allows an attacker to inject arbitrary scr...

6.1 AI score
Exploits 1
Vulnrichment
added 2024/10/09 12:0 a.m. · 19 views

CVE-2024-25286

...

8.7 AI score
Exploits 1
Microsoft KB
added 2024/10/08 2:0 p.m. · 60 views

October 8, 2024—KB5044288 (OS Build 25398.1189)

October 8, 2024—KB5044288 (OS Build 25398.1189). For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements: This security update...

9 CVSS · 8.2 AI score · 0.60954 EPSS
Exploits 4
OSV
added 2024/10/08 6:30 a.m. · 1 views

GHSA-62CX-5XJ4-WFM4 ggit is vulnerable to Command Injection via the fetchTags(branch) API

All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec Node.js child process API...

7.3 CVSS · 5.9 AI score · 0.01247 EPSS
Exploits 0 · References 4