8.5
CVE-2024-38876 -
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omniv…
6.1
CVE-2024-7204 - Ai3 QbiBot - Stored XSS
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to insert JavaScript code into the chat box. Once the recipient views the message, they will be subject to a Stored XSS attack.
4.3
CVE-2024-40723 - CHANGING Information Technology HWATAIServiSign Windows Version - Stack-based Buffer Overflow
The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the HWATAIServiSign, temporarily di…
4.3
CVE-2024-40722 - CHANGING Information Technology TCBServiSign Windows Version - Stack-based Buffer Overflow
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the TCBServiSign, temporarily disr…
8.8
CVE-2024-40721 - CHANGING Information Technology TCBServiSign Windows Version - Improper Input Validation
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path.
8.8
CVE-2024-40720 - CHANGING Information Technology TCBServiSign Windows Version - Improper Input Validation
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the `HKEY_CURRENT_USER` registry to execute arbitrary commands.
6.5
CVE-2024-40719 - CHANGING Information Technology TCBServiSign Windows Version - Inadequate Encryption Strength
The encryption strength of the authorization keys in CHANGING Information Technology TCBServiSign Windows Version is insufficient. When a remote attacker tricks a victim into visiting a malicious website, TCBServiSign will treat that website as a legitimate server and interact with it.
9.8
CVE-2024-36268 - Apache InLong TubeMQ Client: Remote Code Execution vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick [1] to solve it. [1] https://gi…
6.4
CVE-2024-4643 - Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arr…
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'end_redirect_link' parameter in versions up to, and including, 5.7.1 due to insufficient input sanitization and outp…
4.9
CVE-2024-27182 - Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulner…
In Apache Linkis <= 1.5.0, an arbitrary file deletion vulnerability in Basic management services allows a user with an administrator account to delete any file accessible by the Linkis system user. Users are recommended to upgrade to version 1.6.0, which fixes this issue.