1761
|
4.8 |
MEDIUM
Network
|
eladmin
|
eladmin
|
eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java.
|
CWE-79
Cross-site Scripting
|
CVE-2024-44676
|
2024-09-26 04:20 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1762
|
9.8 |
CRITICAL
Network
eladmin
|
eladmin
|
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-44677
|
2024-09-26 04:19 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1763
|
8.8 |
HIGH
Network
|
microsoft
|
dynamics_365_business_central
|
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
|
NVD-CWE-noinfo
|
CVE-2024-43460
|
2024-09-26 04:18 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1764
|
4.6 |
MEDIUM
Physics
|
hathway
|
skyworth_cm5100-511_firmware
|
Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-44815
|
2024-09-26 04:17 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1765
|
8.8 |
HIGH
Network
|
hfo4
|
shudong-share
|
A vulnerability was found in HFO4 shudong-share 2.4.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /includes/fileReceive.php of the compon…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-8338
|
2024-09-26 04:12 |
2024-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1766
|
5.3 |
MEDIUM
Network
getastra
|
wp_hardening
|
The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular ex…
|
CWE-697
Incorrect Comparison
|
CVE-2024-6641
|
2024-09-26 04:07 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1767
|
6.1 |
MEDIUM
Network
|
svelte
|
svelte
|
svelte performance oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The as…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45047
|
2024-09-26 04:06 |
2024-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1768
|
6.1 |
MEDIUM
Network
|
elizsoftware
|
panel
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Reflected XSS.This issue affects Panel: before v2.3.24.
|
CWE-79
Cross-site Scripting
|
CVE-2024-6877
|
2024-09-26 03:57 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1769
|
6.2 |
MEDIUM
Local
|
redhat
|
libvirt
|
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointe…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-8235
|
2024-09-26 03:56 |
2024-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1770
|
9.8 |
CRITICAL
Network
elizsoftware
|
panel
|
Plaintext Storage of a Password vulnerability in Eliz Software Panel allows : Use of Known Domain Credentials.This issue affects Panel: before v2.3.24.
|
CWE-256
Plaintext Storage of a Password
|
CVE-2024-5960
|
2024-09-26 03:55 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|