2581
|
9.8 |
CRITICAL
Network
microsoft
|
windows_10_1809 windows_server_2019 windows_server_2022 windows_11_21h2 windows_10_21h2 windows_11_22h2 windows_10_22h2 windows_11_23h2 windows_server_2022_23h2 windows_11_…
|
Windows TCP/IP Remote Code Execution Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-21416
|
2024-09-21 03:55 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2582
|
5.5 |
MEDIUM
Local
|
conduit
|
conduit
|
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to sen…
|
NVD-CWE-Other
|
CVE-2024-6302
|
2024-09-21 03:42 |
2024-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2583
|
5.4 |
MEDIUM
Network
|
librenms
|
librenms
|
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.
|
CWE-79
Cross-site Scripting
|
CVE-2023-4979
|
2024-09-21 03:35 |
2023-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2584
|
8.8 |
HIGH
Network
|
conduit
|
conduit
|
Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias t…
|
CWE-862
Missing Authorization
|
CVE-2024-6303
|
2024-09-21 03:34 |
2024-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2585
|
8.8 |
HIGH
Network
|
brainstormforce
|
pre-publish_checklist
|
Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist.This issue affects Pre-Publish Checklist: from n/a through 1.1.1.
|
CWE-862
Missing Authorization
|
CVE-2023-44151
|
2024-09-21 03:17 |
2024-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2586
|
7.5 |
HIGH
Network
sitecore
|
experience_commerce experience_platform experience_manager
|
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can r…
|
NVD-CWE-noinfo
|
CVE-2024-46938
|
2024-09-21 03:15 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2587
|
- |
|
-
|
-
|
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. IBM X-Force ID: 259671.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2023-37396
|
2024-09-21 03:15 |
2024-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2588
|
7.5 |
HIGH
Network
ibm
|
aspera_faspex
|
IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP restrictions due to improper access controls. IBM X-Force ID: 259649.
|
CWE-291
|
CVE-2023-35906
|
2024-09-21 03:15 |
2023-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2589
|
4.9 |
MEDIUM
Network
|
misp
|
misp
|
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.
|
CWE-863
Incorrect Authorization
|
CVE-2024-46918
|
2024-09-21 03:14 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2590
|
6.5 |
MEDIUM
Network
|
litellm
|
litellm
|
berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, up…
|
NVD-CWE-noinfo
|
CVE-2024-5710
|
2024-09-21 03:04 |
2024-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|