961
|
7.8 |
HIGH
Local
|
autodesk
|
navisworks
|
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write sen…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-7672
|
2024-10-8 03:35 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
962
|
7.8 |
HIGH
Local
|
autodesk
|
navisworks
|
A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitra…
Update
|
CWE-416
Use After Free
|
CVE-2024-7675
|
2024-10-8 03:34 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
963
|
7.8 |
HIGH
Local
|
autodesk
|
navisworks
|
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or e…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-7674
|
2024-10-8 03:34 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
964
|
7.8 |
HIGH
Local
|
autodesk
|
navisworks
|
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or ex…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-7673
|
2024-10-8 03:34 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
965
|
7.8 |
HIGH
Local
|
autodesk
|
navisworks
|
A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, can force an Out-of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, write se…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-7671
|
2024-10-8 03:34 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
966
|
6.1 |
MEDIUM
Network
|
zimbra
|
collaboration
|
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2023-45207
|
2024-10-8 03:31 |
2024-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
967
|
6.1 |
MEDIUM
Network
|
zimbra
|
collaboration
|
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scr…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2023-45206
|
2024-10-8 03:27 |
2024-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
968
|
9.8 |
CRITICAL
Network
redefiningtheweb
|
affiliate_pro
|
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. This is due to the rtwwwap_login_request_callbac…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-9289
|
2024-10-8 03:25 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
969
|
8.8 |
HIGH
Network
|
pixelite
|
events_manager
|
Missing Authorization vulnerability in Pixelite Events Manager.This issue affects Events Manager: from n/a through 6.4.6.4.
Update
|
CWE-862
Missing Authorization
|
CVE-2024-30515
|
2024-10-8 03:16 |
2024-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
970
|
- |
|
-
|
-
|
Missing Authentication - User & System Configuration
New
|
-
|
CVE-2024-47555
|
2024-10-8 03:15 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|