5.4
CVE-2024-41968 - WAGO: Docker Settings Manipulation in Multiple Devices
A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS.
8.8
CVE-2024-41151 - Apache HertzBeat: RCE by notice template injection vulnerability
Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.
7.5
CVE-2024-45791 - Apache HertzBeat: Exposure sensitive token via http GET method with query string
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue.
8.8
CVE-2024-45505 - Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are recommended to upgrade to…
9.8
CVE-2024-47208 - Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue.
8.9
CVE-2024-48962 - Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and C…
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.…
8.3
CVE-2024-49574 - SQL Injection
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
9.8
CVE-2024-11315 - TRCore DVC - Arbitrary File Upload through Path Traversal
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
6.8
CVE-2024-22067 - ZTE NH8091 product has an improper permission control vulnerability
ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands.
9.8
CVE-2024-11314 - TRCore DVC - Arbitrary File Upload through Path Traversal
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.