621
|
8.4 |
HIGH
Local
|
motorola
|
ebts_site_controller_firmware mbts_site_controller_firmware
|
Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception…
Update
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2023-23774
|
2024-10-3 23:15 |
2023-08-29 |
|
622
|
9.8 |
CRITICAL
Network
telerik
|
ui_for_wpf
|
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
Update
|
CWE-77
Command Injection
|
CVE-2024-7575
|
2024-10-3 22:52 |
2024-09-25 |
|
623
|
9.8 |
CRITICAL
Network
telerik
|
ui_for_wpf
|
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-7576
|
2024-10-3 22:51 |
2024-09-25 |
|
624
|
8.1 |
HIGH
Network
|
prestashop
|
prestashop
|
An issue in Prestashop v.8.1.7 and before allows a remote attacker to execute arbitrary code via the module upgrade functionality.
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-41651
|
2024-10-3 22:45 |
2024-08-13 |
|
625
|
7.5 |
HIGH
Network
cisco
|
ios ios_xe
|
A vulnerability in the Resource Reservation Protocol (RSVP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to relo…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-20433
|
2024-10-3 22:34 |
2024-09-26 |
|
626
|
9.8 |
CRITICAL
Network
tduckcloud
|
tduckpro
|
A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by this vulnerability is an unknown functionality. The manipulation leads to weak password recovery. The at…
Update
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2024-8692
|
2024-10-3 22:17 |
2024-09-12 |
|
627
|
- |
|
-
|
-
|
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, …
Update
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2024-3727
|
2024-10-3 22:15 |
2024-05-15 |
|
628
|
- |
|
-
|
-
|
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin.
Attackers can modify helium.json and expose normal users to XSS attacks.
This issue affects Apache Zeppelin: from 0.8.…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-31868
|
2024-10-3 22:15 |
2024-04-10 |
|
629
|
- |
|
-
|
-
|
HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.
U…
Update
|
-
|
CVE-2024-24795
|
2024-10-3 22:15 |
2024-04-5 |
|
630
|
- |
|
-
|
-
|
Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8.
Impact: as this is a stored XSS, it could be exploited to perform unauthorized actions, varying from data…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2023-50378
|
2024-10-3 22:15 |
2024-03-2 |
|