1001
|
4.3 |
MEDIUM
Network
|
github
|
enterprise_server
|
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository. This was …
|
CWE-863
Incorrect Authorization
|
CVE-2024-7711
|
2024-09-28 03:17 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1002
|
6.5 |
MEDIUM
Network
|
lucasgarcia
|
posts_reminder
|
The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-8093
|
2024-09-28 03:16 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1003
|
7.5 |
HIGH
Network
juniper
|
junos junos_os_evolved
|
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial o…
|
CWE-20
Improper Input Validation
|
CVE-2023-4481
|
2024-09-28 03:15 |
2023-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1004
|
6.5 |
MEDIUM
Network
|
elliot
|
ilc_thickbox
|
The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-7820
|
2024-09-28 03:08 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1005
|
9.1 |
CRITICAL
Network
matter-labs
|
zkvyper
|
zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompletness restrictions, it is compiled to a loop with a much more late exit conditio…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2024-43366
|
2024-09-28 03:08 |
2024-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1006
|
6.1 |
MEDIUM
Network
|
gwycon
|
quick_code
|
The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XS…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7822
|
2024-09-28 03:06 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1007
|
6.5 |
MEDIUM
Network
|
visual_sound_project
|
visual_sound
|
The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
|
CWE-352
Origin Validation Error
|
CVE-2024-7859
|
2024-09-28 03:00 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1008
|
8.8 |
HIGH
Network
|
dedebiz
|
dedebiz
|
A vulnerability classified as critical was found in DedeBIZ 6.3.0. This vulnerability affects the function get_mime_type of the file /admin/dialog/select_images_post.php of the component Attachment S…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7906
|
2024-09-28 02:54 |
2024-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1009
|
9.1 |
CRITICAL
Network
centurysys
|
futurenet_nxr-1300_firmware futurenet_nxr-g050_firmware futurenet_nxr-610x_firmware futurenet_vxr-x64 futurenet_vxr-x86 futurenet_nxr-g060_firmware futurenet_nxr-g100_firmware fu…
|
Initialization of a resource with an insecure default vulnerability in FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allows a remote unauthenticated attacker t…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2024-31070
|
2024-09-28 02:54 |
2024-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1010
|
8.8 |
HIGH
Network
|
centurysys
|
futurenet_nxr-1300_firmware futurenet_nxr-g050_firmware futurenet_nxr-610x_firmware futurenet_vxr-x64 futurenet_vxr-x86 futurenet_nxr-g060_firmware futurenet_nxr-g100_firmware fu…
|
FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the prod…
|
CWE-78
OS Command
|
CVE-2024-36475
|
2024-09-28 02:50 |
2024-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|