Show filters
653 Total Results
Displaying 51-60 of 653
Sort by:
Attacker Value
Unknown

CVE-2024-8300

Disclosure Date: November 28, 2024 (last updated February 27, 2025)
Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
0
Attacker Value
Unknown

CVE-2024-8299

Disclosure Date: November 28, 2024 (last updated February 27, 2025)
Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products.
0
Attacker Value
Unknown

CVE-2024-11431

Disclosure Date: November 28, 2024 (last updated February 27, 2025)
The Ragic Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ragic' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Attacker Value
Unknown

CVE-2024-38658

Disclosure Date: November 28, 2024 (last updated February 27, 2025)
There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
0
Attacker Value
Unknown

CVE-2024-38389

Disclosure Date: November 28, 2024 (last updated February 27, 2025)
There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
0
Attacker Value
Unknown

CVE-2024-38309

Disclosure Date: November 28, 2024 (last updated February 27, 2025)
There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed.
0
Attacker Value
Unknown

CVE-2024-7026

Disclosure Date: November 21, 2024 (last updated February 27, 2025)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Teknogis Informatics Closed Circuit Vehicle Tracking Software allows SQL Injection, Blind SQL Injection.This issue affects Closed Circuit Vehicle Tracking Software: through 21.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
0
Attacker Value
Unknown

CVE-2024-52402

Disclosure Date: November 19, 2024 (last updated February 27, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect allows Upload a Web Shell to a Web Server.This issue affects Exclusive Content Password Protect: from n/a through 1.1.0.
0
Attacker Value
Unknown

CVE-2024-51937

Disclosure Date: November 19, 2024 (last updated February 27, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Information Analytics IA Map Analytics Basic allows DOM-Based XSS.This issue affects IA Map Analytics Basic: from n/a through 20170413.
0
Attacker Value
Unknown

CVE-2024-8074

Disclosure Date: November 12, 2024 (last updated February 27, 2025)
Improper Privilege Management vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users.This issue affects Nomysem: before 13.10.2024.
0