Show filters
2,038 Total Results
Displaying 111-120 of 2,038
Sort by:
Attacker Value
Unknown
CVE-2024-48007
Disclosure Date: December 13, 2024 (last updated February 05, 2025)
Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data.
0
Attacker Value
Unknown
CVE-2024-38488
Disclosure Date: December 13, 2024 (last updated February 05, 2025)
Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Excessive Authentication vulnerability where a Network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login form and a complete system compromise.
This allows attackers to brute-force the password of valid users in an automated manner.
0
Attacker Value
Unknown
CVE-2024-22461
Disclosure Date: December 13, 2024 (last updated February 05, 2025)
Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system.
0
Attacker Value
Unknown
CVE-2024-11275
Disclosure Date: December 13, 2024 (last updated December 18, 2024)
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users.
0
Attacker Value
Unknown
CVE-2024-49071
Disclosure Date: December 12, 2024 (last updated January 13, 2025)
Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.
0
Attacker Value
Unknown
CVE-2024-12260
Disclosure Date: December 12, 2024 (last updated December 21, 2024)
The Ultimate Endpoints With Rest Api plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
0
Attacker Value
Unknown
CVE-2024-49070
Disclosure Date: December 12, 2024 (last updated January 13, 2025)
Microsoft SharePoint Remote Code Execution Vulnerability
0
Attacker Value
Unknown
CVE-2024-49068
Disclosure Date: December 12, 2024 (last updated January 13, 2025)
Microsoft SharePoint Elevation of Privilege Vulnerability
0
Attacker Value
Unknown
CVE-2024-49065
Disclosure Date: December 12, 2024 (last updated January 13, 2025)
Microsoft Office Remote Code Execution Vulnerability
0
Attacker Value
Unknown
CVE-2024-49064
Disclosure Date: December 12, 2024 (last updated January 13, 2025)
Microsoft SharePoint Information Disclosure Vulnerability
0
