2511
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML p…
|
NVD-CWE-noinfo
|
CVE-2024-8906
|
2024-09-24 02:38 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2512
|
6.1 |
MEDIUM
Network
|
mojoportal
|
mojoportal
|
Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.
|
CWE-79
Cross-site Scripting
|
CVE-2023-44012
|
2024-09-24 02:35 |
2023-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2513
|
9.8 |
CRITICAL
Network
mojoportal
|
mojoportal
|
An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component.
|
NVD-CWE-noinfo
|
CVE-2023-44011
|
2024-09-24 02:35 |
2023-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2514
|
5.3 |
MEDIUM
Network
rami
|
pretix
|
An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to…
|
NVD-CWE-noinfo
|
CVE-2023-44463
|
2024-09-24 02:35 |
2023-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2515
|
8.8 |
HIGH
Network
|
superstorefinder
|
super_store_finder
|
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.
|
CWE-74
Injection
|
CVE-2023-43835
|
2024-09-24 02:35 |
2023-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2516
|
7.8 |
HIGH
Local
|
optipng_project
|
optipng
|
OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.
|
CWE-120
Classic Buffer Overflow
|
CVE-2023-43907
|
2024-09-24 02:35 |
2023-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2517
|
8.8 |
HIGH
Network
|
cambiumnetworks
|
enterprise_wi-fi
|
Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent.
|
NVD-CWE-noinfo
|
CVE-2022-35908
|
2024-09-24 02:35 |
2023-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2518
|
8.8 |
HIGH
Network
|
microsoft
|
sql_2016_azure_connect_feature_pack sql_server_2016 sql_server_2017 sql_server_2019 sql_server_2022
|
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-37339
|
2024-09-24 02:34 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2519
|
8.8 |
HIGH
Network
|
microsoft
|
edge_chromium
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-43489
|
2024-09-24 02:33 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2520
|
4.3 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-38221
|
2024-09-24 02:33 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|