2061
|
8.1 |
HIGH
Network
|
eaton
|
foreseer_electrical_power_monitoring_system
|
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-31415
|
2024-09-20 03:50 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2062
|
6.1 |
MEDIUM
Network
|
eaton
|
foreseer_electrical_power_monitoring_system
|
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sa…
|
CWE-79
Cross-site Scripting
|
CVE-2024-31414
|
2024-09-20 03:48 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2063
|
5.4 |
MEDIUM
Network
|
joomunited
|
wp_meta_seo
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS.This issue affects WP Meta SEO: from n/a through …
|
CWE-79
Cross-site Scripting
|
CVE-2024-45456
|
2024-09-20 03:38 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2064
|
8.1 |
HIGH
Network
|
lunary
|
lunary
|
A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings. This vulnerability allows an attacker to sign up for and create pro…
|
CWE-352
Origin Validation Error
|
CVE-2024-6862
|
2024-09-20 03:37 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2065
|
5.3 |
MEDIUM
Network
mediawiki
|
mediawiki
|
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Spe…
|
NVD-CWE-noinfo
|
CVE-2023-45374
|
2024-09-20 03:35 |
2023-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2066
|
5.3 |
MEDIUM
Network
mediawiki
|
mediawiki
|
An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have a…
|
NVD-CWE-noinfo
|
CVE-2023-45372
|
2024-09-20 03:35 |
2023-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2067
|
5.3 |
MEDIUM
Network
mediawiki
|
mediawiki
|
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:Sp…
|
NVD-CWE-noinfo
|
CVE-2023-45370
|
2024-09-20 03:35 |
2023-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2068
|
6.7 |
MEDIUM
Local
|
google
|
android
|
In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed
|
CWE-862
Missing Authorization
|
CVE-2023-40654
|
2024-09-20 03:35 |
2023-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2069
|
6.5 |
MEDIUM
Network
|
lunary
|
lunary
|
An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. This endpoint does not verify that the user has the necessary access righ…
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2024-6867
|
2024-09-20 03:28 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2070
|
9.8 |
CRITICAL
Network
arm
|
mbed_tls
|
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in…
|
CWE-295
Improper Certificate Validation
|
CVE-2024-45159
|
2024-09-20 03:26 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|