| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-45710 | SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability | SolarWinds | SolarWinds Platform | High | 7.8 | 2024-10-16 07:16:38 | Deep Dive |
| CVE-2024-9634 | GiveWP – Donation Plugin and Fundraising Platform <= 3.16.3 - Unauthenticated PHP Object Injection to Remote Code Execution | stellarwp | GiveWP – Donation Plugin and Fundraising Platform | Critical | 9.8 | 2024-10-16 02:05:09 | Deep Dive |
| CVE-2024-38190 | Power Platform Information Disclosure Vulnerability | Microsoft | Microsoft Power Platform | High | 8.6 | 2024-10-15 22:46:39 | Deep Dive |
| CVE-2024-9676 | Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos) | - | - | Medium | 6.5 | 2024-10-15 15:27:34 | Deep Dive |
| CVE-2024-9979 | Pyo3: risk of use-after-free in `borrowed` reads from python weak references | - | - | Medium | 5.3 | 2024-10-15 14:01:54 | Deep Dive |
| CVE-2024-9982 | ESi Technology AIM LINE Marketing Platform - SQL Injection | ESi Technology | AIM LINE Marketing Platform | Critical | 9.8 | 2024-10-15 08:04:36 | Deep Dive |
| CVE-2024-30117 | HCL BigFix Platform is affected by a DLL Hijack vulnerability | HCL Software | BigFix Platform | Low | 2.5 | 2024-10-14 22:55:57 | Deep Dive |
| CVE-2024-45737 | Maintenance mode state change of App Key Value Store (KVStore) through Cross-Site Request Forgery (CSRF) | Splunk | Splunk Enterprise | Medium | 4.3 | 2024-10-14 17:03:37 | Deep Dive |
| CVE-2024-45732 | Low-privileged user could run search as nobody in SplunkDeploymentServerConfig app | Splunk | Splunk Enterprise | High | 7.1 | 2024-10-14 17:03:36 | Deep Dive |
| CVE-2024-45736 | Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon | Splunk | Splunk Enterprise | Medium | 6.5 | 2024-10-14 17:03:35 | Deep Dive |
| CVE-2024-45741 | Persistent Cross-Site Scripting (XSS) via props.conf on Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 5.4 | 2024-10-14 17:03:34 | Deep Dive |
| CVE-2024-45740 | Persistent Cross-Site Scripting (XSS) through Scheduled Views on Splunk Enterprise | Splunk | Splunk Enterprise | Medium | 5.4 | 2024-10-14 17:03:29 | Deep Dive |
| CVE-2024-3656 | Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities | - | - | High | 8.1 | 2024-10-09 18:59:11 | Deep Dive |
| CVE-2024-9675 | Buildah: buildah allows arbitrary directory mount | - | - | High | 7.8 | 2024-10-09 14:32:12 | Deep Dive |
| CVE-2024-9671 | System: pdf invoices of the developer users can be seen if the url is known | - | - | Medium | 5.3 | 2024-10-09 14:32:11 | Deep Dive |
| CVE-2024-9286 | SQLi in TRtek Software's Distant Education Platform | TRtek Software | Distant Education Platform | - | - | 2024-10-09 13:13:44 | Deep Dive |
| CVE-2024-35215 | Blackberry QNX Software Development Platform Security Vulnerability | BlackBerry | QNX Software Development Platform (SDP) | Medium | 6.2 | 2024-10-08 17:35:57 | Deep Dive |
| CVE-2024-9622 | Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4 | - | - | Medium | 5.3 | 2024-10-08 16:26:13 | Deep Dive |
| CVE-2024-9620 | Event-driven automation in ansible automation platform (aap): ansible event-driven automation (eda) lacks encryption | - | - | Medium | 5.3 | 2024-10-08 16:25:40 | Deep Dive |
| CVE-2024-8215 | Payload Injection Attack via Management REST interface | Payara Platform | Payara Server | - | - | 2024-10-08 15:17:10 | Deep Dive |