1141
|
8.8 |
HIGH
Network
|
nozominetworks
|
cmc guardian
|
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL stat…
|
CWE-89
SQL Injection
|
CVE-2023-23574
|
2024-10-1 04:30 |
2023-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1142
|
7.5 |
HIGH
Network
kastle
|
access_control_system_firmware
|
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-45861
|
2024-10-1 04:25 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1143
|
9.8 |
CRITICAL
Network
-
|
-
|
Rejected reason: Duplicate of CVE-2024-45806.
|
-
|
CVE-2024-7207
|
2024-10-1 04:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1144
|
9.8 |
CRITICAL
Network
github
|
enterprise_server
|
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation met…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-6800
|
2024-10-1 04:14 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1145
|
5.3 |
MEDIUM
Network
coffee2code
|
custom_post_limits
|
The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1. This is due to the plugin utilizing bootstrap and leaving test files wit…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-6544
|
2024-10-1 04:12 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1146
|
6.5 |
MEDIUM
Network
|
moxa
|
mxview_one
|
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of s…
|
CWE-22
Path Traversal
|
CVE-2024-6786
|
2024-10-1 03:31 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1147
|
4.3 |
MEDIUM
Network
|
cilium
|
cilium
|
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoute…
|
CWE-436
Interpretation Conflict
|
CVE-2024-42487
|
2024-10-1 03:31 |
2024-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1148
|
8.8 |
HIGH
Network
|
givewp
|
givewp
|
Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.15.1.
|
CWE-352
Origin Validation Error
|
CVE-2024-47315
|
2024-10-1 03:06 |
2024-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1149
|
8.8 |
HIGH
Network
|
lobehub
|
lobe_chat
|
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/api/proxy/route.ts` does not consider redi…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-47066
|
2024-10-1 03:03 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1150
|
5.9 |
MEDIUM
Network
|
moxa
|
mxview_one
|
This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbi…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2024-6787
|
2024-10-1 03:02 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|