6.8
CVE-2024-12653 - FabulaTech USB over Network IOCT ftusbbus2.sys 0x22040C null pointer dereference
A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Affected is the function 0x22040C in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The ex…
0.0
CVE-2024-54229 - WordPress SV100 Companion plugin <= 2.0.02 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in straightvisions GmbH SV100 Companion sv100-companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through <= 2.0.02.
8.7
CVE-2024-12092 - Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator o…
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
8.7
CVE-2024-12091 - Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator f…
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
8.7
CVE-2024-12090 - Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator o…
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
8.7
CVE-2024-12089 - Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator f…
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
9.3
CVE-2024-49775 -
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions…
4.3
CVE-2024-37251 - WordPress Advanced Custom Fields Pro plugin < 6.3.2 - Cross-Site Request Forgery (CSRF) vulnerabili…
Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2.
8.2
CVE-2024-12668 - Velocidex WinPmem Out of Bounds Write Vulnerability
Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the loca…
7.3
CVE-2024-10972 - WinPmem Improper Input Validation vulnerability
Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being p…