Security Vulnerabilities - CVEs Published In November 2024
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
CVSS Score: 7.3; EPSS Score: 0.209; Published: 2024-11-26
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases.
CVSS Score: 7.3; EPSS Score: 0.0; Published: 2024-11-26
A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS Score: 6.9; EPSS Score: 0.0; Published: 2024-11-26
A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Affected by this issue is the function route_static_check of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score: 8.7; EPSS Score: 0.001; Published: 2024-11-26
Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network.
CVSS Score: 8.2; EPSS Score: 0.018; Published: 2024-11-26
Microsoft Dynamics 365 Sales Spoofing Vulnerability
CVSS Score: 7.6; EPSS Score: 0.002; Published: 2024-11-26
CVE-2024-49035
Known exploited
An improper access control vulnerability in Partner.Microsoft.com allows an unauthenticated attacker to elevate privileges over a network.
CVSS Score: 8.7; EPSS Score: 0.062; Published: 2024-11-26
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.
CVSS Score: 9.3; EPSS Score: 0.002; Published: 2024-11-26
Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5.
CVSS Score: 9.3; EPSS Score: 0.035; Published: 2024-11-26
A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=save_tenant. The manipulation of the argument lastname/firstname/middlename leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS Score: 5.3; EPSS Score: 0.001; Published: 2024-11-26


Shodan ® - All rights reserved