681 | 7.5 | HIGH | Network | gitlab | gitlab | A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 b… | CWE-400 Uncontrolled Resource Consumption | CVE-2023-0121 | 2024-10-3 16:15 | 2023-06-8
682 | 4.3 | MEDIUM | Network | gitlab | gitlab | A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue descr… | CWE-400 Uncontrolled Resource Consumption | CVE-2023-0921 | 2024-10-3 16:15 | 2023-06-7
683 | 7.8 | HIGH | Local | cisco | ios_xr | A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device. T… | CWE-78 OS Command | CVE-2024-20398 | 2024-10-3 10:47 | 2024-09-12
684 | 7.2 | HIGH | Network | cisco | ios_xr | Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacke… | CWE-78 OS Command | CVE-2024-20483 | 2024-10-3 10:44 | 2024-09-12
685 | 5.5 | MEDIUM | Local | cisco | ios_xr | A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials. This vulnerabilit… | CWE-522 Insufficiently Protected Credentials | CVE-2024-20489 | 2024-10-3 10:40 | 2024-09-12
686 | 7.2 | HIGH | Network | paloaltonetworks | pan-os | A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall. | CWE-78 OS Command | CVE-2024-8686 | 2024-10-3 10:35 | 2024-09-12
687 | 4.4 | MEDIUM | Local | paloaltonetworks | cortex_xdr_agent | A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leverag… | NVD-CWE-Other | CVE-2024-8690 | 2024-10-3 10:29 | 2024-09-12
688 | 8.8 | HIGH | Network | woodpecker-ci | woodpecker | Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead t… | NVD-CWE-noinfo | CVE-2024-41122 | 2024-10-3 10:23 | 2024-07-20
689 | 9.6 | CRITICAL | Network | vnote_project | vnote | VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking applicati… | CWE-79 Cross-site Scripting | CVE-2024-41662 | 2024-10-3 10:12 | 2024-07-25
690 | 7.8 | HIGH | Local | telerik | ui_for_wpf | In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. | CWE-502 Deserialization of Untrusted Data | CVE-2024-8316 | 2024-10-3 10:01 | 2024-09-25