6
CVE-2024-1298 - Integer Overflow caused by divide by zero during S3 suspension
EDK2 contains a vulnerability when S3 sleep is activated where an attacker may cause a Division-By-Zero due to a UINT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.
8.5
CVE-2024-34171 - Fuji Electric Monitouch V-SFT Stack-Based Buffer Overflow
Fuji Electric Monitouch V-SFT is vulnerable to a stack-based buffer overflow, which could allow an attacker to execute arbitrary code.
8.5
CVE-2024-5271 - Fuji Electric Monitouch V-SFT Access of Resource Using Incompatible Type ('Type Confusion')
Fuji Electric Monitouch V-SFT is vulnerable to an out-of-bounds write because of a type confusion, which could result in arbitrary code execution.
4.2
CVE-2024-32877 - Reflected Cross-site Scripting in yiisoft/yii2 Debug mode
Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting (XSS) vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 (2.0.49.3). This issue lies in the mechanism for displ…
6.5
CVE-2024-35189 - Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints in Fides
Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve `ConnectionConfiguration` records and their associated `secrets` which _can_ contain sensitive data (e.g. passwords, private keys, etc.). These `secrets` are stored encrypted at rest (i…
5.5
CVE-2024-35228 - Improper Handling of Insufficient Permissions in Wagtail
Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the `wagtail.contrib.settings` module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, eve…
9.3
CVE-2024-2422 - LenelS2 NetBox Improper Neutralization of Argument Delimiters
LenelS2 NetBox access control and event monitoring system was discovered to contain an authenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands.
9.3
CVE-2024-2421 - LenelS2 NetBox Improper Neutralization of Special Elements
LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions.
8.8
CVE-2024-2420 - LenelS2 NetBox Hardcoded Credentials
LenelS2 NetBox access control and event monitoring system was discovered to contain Hardcoded Credentials in versions prior to and including 5.6.1, which allows an attacker to bypass authentication requirements.
9.8
CVE-2024-35469 -
A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter.