|
11
|
- |
|
-
|
-
|
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation
New
|
-
|
CVE-2024-9333
|
2024-10-2 15:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
- |
|
-
|
-
|
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI
New
|
-
|
CVE-2024-9174
|
2024-10-2 15:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
- |
|
-
|
-
|
The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to…
New
|
-
|
CVE-2024-7315
|
2024-10-2 15:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
- |
|
-
|
-
|
PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php.
New
|
-
|
CVE-2024-44610
|
2024-10-2 15:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
9.8 |
CRITICAL
Network
-
|
-
|
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-1083
|
2024-10-2 15:15 |
2024-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
16
|
5.3 |
MEDIUM
Local
|
wago
|
compact_controller_100_firmware
edge_controller_firmware
pfc100_firmware
pfc200_firmware
touch_panel_600_advanced_firmware
touch_panel_600_marine_firmware
touch_panel_600_standard_f…
|
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privile…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2023-3379
|
2024-10-2 15:15 |
2023-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
8.8 |
HIGH
Network
|
codesys
|
development_system
|
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received…
Update
|
CWE-940
Improper Verification of Source of a Communication Channel
|
CVE-2023-3663
|
2024-10-2 15:15 |
2023-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
8.8 |
HIGH
Network
|
taphome
|
core_firmware
|
A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2023-2759
|
2024-10-2 15:15 |
2023-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
4.3 |
MEDIUM
Network
|
mbconnectline
|
mbconnect24
mymbconnect24
|
Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authori…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2023-1779
|
2024-10-2 15:15 |
2023-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
4.9 |
MEDIUM
Network
|
wago
|
750-331_firmware
750-8202_firmware
750-8202\/000-011_firmware
750-8202\/000-012_firmware
750-8202\/000-022_firmware
750-8202\/025-000_firmware
750-8202\/025-001_firmware
750-8202…
|
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
Update
|
CWE-1288
Improper Validation of Consistency within Input
|
CVE-2023-1620
|
2024-10-2 15:15 |
2023-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
