2001
|
7.8 |
HIGH
Local
|
zoom
|
zoom video_software_development_kit meeting_software_development_kit virtual_desktop_infrastructure
|
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of p…
|
NVD-CWE-noinfo
|
CVE-2023-49647
|
2024-09-21 00:15 |
2024-01-13 |
|
|
2002
|
6.5 |
MEDIUM
Network
|
zoom
|
zoom virtual_desktop_infrastructure meeting_software_development_kit video_software_development_kit
|
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.
|
CWE-287
Improper Authentication
|
CVE-2023-49646
|
2024-09-21 00:15 |
2023-12-14 |
|
|
2003
|
6.5 |
MEDIUM
Network
|
zoom
|
meetings virtual_desktop_infrastructure zoom
|
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.
|
NVD-CWE-Other
|
CVE-2023-43588
|
2024-09-21 00:15 |
2023-11-15 |
|
|
2004
|
7.5 |
HIGH
Network
litellm
|
litellm
|
A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/c…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-6587
|
2024-09-20 23:55 |
2024-09-14 |
|
|
|
2005
|
9.8 |
CRITICAL
Network
thinkphp
|
thinkphp
|
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-44902
|
2024-09-20 23:55 |
2024-09-10 |
|
|
|
2006
|
9.1 |
CRITICAL
Network
baxter
|
connex_health_portal
|
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex po…
|
NVD-CWE-noinfo
|
CVE-2024-6796
|
2024-09-20 23:53 |
2024-09-10 |
|
|
|
2007
|
9.8 |
CRITICAL
Network
baxter
|
connex_health_portal
|
In Connex health portal released before 8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database.…
|
CWE-89
SQL Injection
|
CVE-2024-6795
|
2024-09-20 23:53 |
2024-09-10 |
|
|
|
2008
|
9.8 |
CRITICAL
Network
sfs
|
winsure
|
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection. This issue affects ww.Winsure: before 4.6.2.
|
CWE-94
Code Injection
|
CVE-2024-7104
|
2024-09-20 23:44 |
2024-09-17 |
|
|
|
2009
|
- |
|
-
|
-
|
runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive the video and audi…
|
-
|
CVE-2024-46959
|
2024-09-20 23:35 |
2024-09-19 |
|
|
2010
|
- |
|
-
|
-
|
An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38…
|
-
|
CVE-2024-45523
|
2024-09-20 23:35 |
2024-09-19 |
|
|