6.5
CVE-2024-39290 -
Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book.
8
CVE-2024-31408 -
OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request.
6.7
CVE-2024-51073 -
An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to control or disrupt CAN communication between the instrument cluster and CAN bus. NOTE: this is disputed by the Supplier because the findings came from a potentially unrealistic test environment (anβ¦
6.2
CVE-2024-47863 -
An issue was discovered in Centreon Web 24.10.x before 24.10.0, 24.04.x before 24.04.8, 23.10.x before 23.10.18, 23.04.x before 23.04.23, and 22.10.x before 22.10.26. A stored XSS was found in the user configuration contact name field. This form is only accessible to authenticated users with high-pβ¦
6.8
CVE-2024-50657 -
An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method
7.5
CVE-2024-44786 -
Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors.
6.7
CVE-2024-51074 -
Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle by targeting the instrument cluster through the unsecured CAN network. NOTE: this is disputed by the supplier because the CAN busβ¦
9.8
CVE-2024-53438 -
EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing attackers to execute arbitrary SQL commands.
9.8
CVE-2024-52723 -
In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload.
6.1
CVE-2024-37783 -
A reflected cross-site scripting (XSS) vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx.