Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-27349 |
Authentication Bypass by Spoofing vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue. Published: April 22, 2024; 10:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-27348 |
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue. Published: April 22, 2024; 10:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-27347 |
Server-Side Request Forgery (SSRF) vulnerability in Apache HugeGraph-Hubble.This issue affects Apache HugeGraph-Hubble: from 1.0.0 before 1.3.0. Users are recommended to upgrade to version 1.3.0, which fixes the issue. Published: April 22, 2024; 10:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-4026 |
Cross-Site Scripting (XSS) vulnerability in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within all editable parameters within the 'General' and 'Team ID' functionalities, which could result in a session takeover. Published: April 22, 2024; 8:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-29661 |
A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload. Published: April 22, 2024; 8:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-28717 |
An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component. Published: April 22, 2024; 8:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22856 |
A SQL injection vulnerability via the Save Favorite Search function in Axefinance Axe Credit Portal >= v.3.0 allows authenticated attackers to execute unintended queries and disclose sensitive information from DB tables via crafted requests. Published: April 22, 2024; 8:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22815 |
An issue in the communication protocol of Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) via crafted commands. Published: April 22, 2024; 8:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22813 |
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to overwrite the hardcoded IP address in the device memory, disrupting network connectivity between the router and the controller. Published: April 22, 2024; 8:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22811 |
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the Hostmot2 configuration cookie in the device memory. Published: April 22, 2024; 8:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22809 |
Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code's shared folder and view sensitive information. Published: April 22, 2024; 8:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22808 |
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to cause a Denial of Service (DoS) by disrupting the communication between the PathPilot controller and the CNC router via overwriting the card's name in the device memory. Published: April 22, 2024; 8:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-22807 |
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption. Published: April 22, 2024; 8:15:07 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32691 |
Missing Authorization vulnerability in realmag777 Active Products Tables for WooCommerce.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.2. Published: April 22, 2024; 7:15:47 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32688 |
Missing Authorization vulnerability in Long Watch Studio MyRewards.This issue affects MyRewards: from n/a through 5.3.0. Published: April 22, 2024; 7:15:47 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32687 |
Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.0.3. Published: April 22, 2024; 7:15:47 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32684 |
Missing Authorization vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5. Published: April 22, 2024; 7:15:46 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32682 |
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2. Published: April 22, 2024; 7:15:46 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32681 |
Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor.This issue affects Prime Slider – Addons For Elementor: from n/a through 3.13.2. Published: April 22, 2024; 7:15:46 AM -0400 |
V3.x:(not available) V2.0:(not available) |
CVE-2024-32698 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.4. Published: April 22, 2024; 4:15:39 AM -0400 |
V3.x:(not available) V2.0:(not available) |