|
11
|
- |
|
-
|
-
|
A vulnerability has been found in SourceCodester Online Timesheet App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /endpoint/add-timesheet.php of the compone…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9320
|
2024-09-29 09:15 |
2024-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, was found in SourceCodester Online Timesheet App 1.0. This affects an unknown part of the file /endpoint/delete-timesheet.php. The manipulation of t…
New
|
-
|
CVE-2024-9319
|
2024-09-29 09:15 |
2024-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
4.8 |
MEDIUM
Network
|
decidim
|
decidim
|
decidim is a Free Open-Source participatory democracy, citizen participation and open government for cities and organizations. The admin panel is subject to potential Cross-site scripting (XSS) attac…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-32034
|
2024-09-29 09:14 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
5.9 |
MEDIUM
Network
|
alf
|
alf
|
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of…
Update
|
CWE-362
Race Condition
|
CVE-2024-45300
|
2024-09-29 09:08 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
5.3 |
MEDIUM
Network
phoenixcontact
|
tc_mguard_rs4000_4g_vzw_vpn_firmware
tc_mguard_rs4000_4g_vpn_firmware
tc_mguard_rs4000_4g_att_vpn_firmware
tc_mguard_rs4000_3g_vpn_firmware
tc_mguard_rs2000_4g_vzw_vpn_firmware
tc_mgua…
|
An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. T…
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-7734
|
2024-09-29 08:56 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
16
|
8.8 |
HIGH
Network
|
qnap
|
music_station
|
An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have …
Update
|
CWE-287
Improper Authentication
|
CVE-2023-45038
|
2024-09-29 08:51 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
8.8 |
HIGH
Network
|
qnap
|
video_station
|
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fi…
Update
|
CWE-78
CWE-77
OS Command
Command Injection
|
CVE-2023-47563
|
2024-09-29 08:47 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
8.8 |
HIGH
Network
|
qnap
|
video_station
|
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed…
Update
|
CWE-89
SQL Injection
|
CVE-2023-50360
|
2024-09-29 08:44 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, has been found in SourceCodester Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/ac…
New
|
CWE-89
SQL Injection
|
CVE-2024-9318
|
2024-09-29 08:15 |
2024-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
- |
|
-
|
-
|
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see …
Update
|
CWE-524
CWE-922
Use of Cache Containing Sensitive Information
Insecure Storage of Sensitive Information
|
CVE-2024-33004
|
2024-09-29 08:15 |
2024-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
