2661 | 6.5 | MEDIUM | Network | fortinet | fortisandbox | An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 al… | NVD-CWE-noinfo | CVE-2024-31490 | 2024-09-21 04:48 | 2024-09-11
2662 | 4.6 | MEDIUM | Physical | fortinet | forticlient | A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions m… | CWE-312 Cleartext Storage of Sensitive Information | CVE-2024-35282 | 2024-09-21 04:44 | 2024-09-11
2663 | 3.7 | LOW | Network | fortinet | fortiadc | An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2… | NVD-CWE-noinfo | CVE-2024-36511 | 2024-09-21 04:43 | 2024-09-11
2664 | 7.1 | HIGH | Local | citrix | workspace | Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privilege… | CWE-863 Incorrect Authorization | CVE-2024-42423 | 2024-09-21 04:42 | 2024-09-11
2665 | 8.1 | HIGH | Network | fortinet | forticlient | An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 thr… | CWE-295 Improper Certificate Validation | CVE-2024-31489 | 2024-09-21 04:41 | 2024-09-11
2666 | 7.8 | HIGH | Local | sonicwall | netextender | A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running… | NVD-CWE-noinfo | CVE-2023-44217 | 2024-09-21 04:35 | 2023-10-3
2667 | 9.8 | CRITICAL | Network | sandhillsdev | easy_digital_downloads | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection. This issue affects Easy Digital Downloads: from n/a t… | CWE-89 SQL Injection | CVE-2024-5057 | 2024-09-21 04:31 | 2024-08-29
2668 | 5.3 | MEDIUM | Network | conduit | conduit | Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction | CWE-459 Incomplete Cleanup | CVE-2024-6300 | 2024-09-21 04:28 | 2024-06-25
2669 | 3.7 | LOW | Network | conduit | conduit | Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with times… | NVD-CWE-Other | CVE-2024-6299 | 2024-09-21 04:24 | 2024-06-25
2670 | 3.7 | LOW | Network | spa-cart | spa-cartcms | A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the a… | CWE-203 Information Exposure Through Discrepancy | CVE-2024-6129 | 2024-09-21 04:21 | 2024-06-19