2391
|
6.1 |
MEDIUM
Network
|
intumit
|
smartrobot_firmware
|
SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting at…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8776
|
2024-09-21 01:38 |
2024-09-16 |
|
|
2392
|
2.4 |
LOW
Adjacent
|
qnap
|
qts quts_hero
|
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local networ…
|
CWE-307
Improper Restriction of Excessive Authentication Attempts
|
CVE-2024-32771
|
2024-09-21 01:38 |
2024-09-7 |
|
|
2393
|
7.5 |
HIGH
Network
mfasoft
|
secure_authentication_server
|
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows re…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-46937
|
2024-09-21 01:37 |
2024-09-16 |
|
|
|
2394
|
9.8 |
CRITICAL
Network
apache
|
seata
|
Deserialization of Untrusted Data vulnerability in Apache Seata.
When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct unco…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-22399
|
2024-09-21 01:37 |
2024-09-16 |
|
|
|
2395
|
7.5 |
HIGH
Network
yeti-platform
|
yeti
|
Yeti bridges the gap between CTI and DFIR practitioners by providing a Forensics Intelligence platform and pipeline. Remote user-controlled data tags can reach a Unicode normalization with a compatib…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-45412
|
2024-09-21 01:32 |
2024-09-11 |
|
|
|
2396
|
7.5 |
HIGH
Network
openjsf
|
body-parser
|
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood th…
|
NVD-CWE-noinfo
|
CVE-2024-45590
|
2024-09-21 01:26 |
2024-09-11 |
|
|
|
2397
|
2.7 |
LOW
Network
|
fortinet
|
fortiedrmanager
|
An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permiss…
|
NVD-CWE-Other
|
CVE-2024-45323
|
2024-09-21 01:23 |
2024-09-11 |
|
|
2398
|
9.8 |
CRITICAL
Network
omniauth
|
omniauth_saml
|
OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data wit…
|
CWE-287
Improper Authentication
|
CVE-2017-11430
|
2024-09-21 01:21 |
2019-04-17 |
|
|
|
2399
|
5.3 |
MEDIUM
Network
|
lizardbyte
|
sunshine
|
Sunshine is a self-hosted game stream host for Moonlight. Clients that experience a MITM attack during the pairing process may inadvertently allow access to an unintended client rather than failing a…
|
NVD-CWE-noinfo
|
CVE-2024-45407
|
2024-09-21 01:18 |
2024-09-11 |
|
|
2400
|
4.7 |
MEDIUM
Network
|
openjsf
|
express
|
Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43796
|
2024-09-21 01:07 |
2024-09-11 |
|
|