8.8

CVSS3.1

CVE-2024-43385 - Phoenix Contact: OS command execution through PROXY_HTTP_PORT in mGuard devices

A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices.

📅 Published: Sept. 10, 2024, 8:43 a.m. 🔄 Last Modified: Sept. 27, 2024, 7:33 p.m.

8.8

CVSS3.1

CVE-2024-7699 - Phoenix Contact: OS command execution in MGUARD products

An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.

📅 Published: Sept. 10, 2024, 8:42 a.m. 🔄 Last Modified: Sept. 27, 2024, 6:59 p.m.

5.7

CVSS3.1

CVE-2024-7698 - Phoenix Contact: Access to CSRF tokens of higher privileged users in MGUARD products

A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.

📅 Published: Sept. 10, 2024, 8:42 a.m. 🔄 Last Modified: Aug. 22, 2025, 7:15 a.m.

2

CVSS4.0

CVE-2024-8258 - Insecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOS

Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.

📅 Published: Sept. 10, 2024, 8:36 a.m. 🔄 Last Modified: Sept. 27, 2024, 6:56 p.m.

3.8

CVSS3.1

CVE-2024-42425 -

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

📅 Published: Sept. 10, 2024, 8:17 a.m. 🔄 Last Modified: Sept. 16, 2024, 3:46 p.m.

5.3

CVSS3.1

CVE-2024-42424 -

Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

📅 Published: Sept. 10, 2024, 8:05 a.m. 🔄 Last Modified: Dec. 20, 2024, 2:41 p.m.

5.3

CVSS3.1

CVE-2024-7734 - Phoenix Contact: Multiple mGuard devices are vulnerable to a drain of open file descriptors.

An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peers.

📅 Published: Sept. 10, 2024, 8:03 a.m. 🔄 Last Modified: Sept. 28, 2024, 11:56 p.m.

9.8

CVSS3.1

CVE-2024-6596 - Endress+Hauser: Multiple products are vulnerable to code injection

An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.

📅 Published: Sept. 10, 2024, 8:01 a.m. 🔄 Last Modified: Oct. 1, 2024, 12:26 p.m.

7.6

CVSS3.1

CVE-2024-42427 -

Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of privileges.

📅 Published: Sept. 10, 2024, 7:39 a.m. 🔄 Last Modified: Dec. 20, 2024, 2:43 p.m.

4.4

CVSS3.1

CVE-2024-7618 - Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.5.0 - Authenti…

The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it pos…

📅 Published: Sept. 10, 2024, 7:30 a.m. 🔄 Last Modified: April 8, 2026, 5:31 p.m.
Total resulsts: 349182
Page 8621 of 34,919
« previous page » next page
Filters