| 91 | - | - | - | TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit f… | New | - | CVE-2024-46097 | 2024-09-28 05:35 | 2024-09-28 |
| 92 | - | - | - | A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php. | New | - | CVE-2024-25411 | 2024-09-28 05:35 | 2024-09-28 |
| 93 | - | - | - | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function. | New | - | CVE-2024-40508 | 2024-09-28 05:35 | 2024-09-27 |
| 94 | 8.0 HIGH Adjacent | tp-link | archer_ax50_firmware archer_a10_firmware archer_ax10_firmware archer_ax11000_firmware | Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer A… | Update | CWE-78 OS Command | CVE-2023-40357 | 2024-09-28 05:35 | 2023-09-6 |
| 95 | 5.4 MEDIUM Network | isarnet | isarflow | A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the dashboa… | Update | CWE-79 Cross-site Scripting | CVE-2023-34637 | 2024-09-28 05:35 | 2023-09-6 |
| 96 | - | - | - | An input validation vulnerability exists in the Rockwell Automation Sequence Manager™ which could allow a malicious user to send malformed packets to the server and cause a denial-of-service conditio… | New | - | CVE-2024-6436 | 2024-09-28 05:15 | 2024-09-28 |
| 97 | - | - | - | Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. | Update | - | CVE-2024-24698 | 2024-09-28 05:15 | 2024-02-14 |
| 98 | 6.5 MEDIUM Network | zoom | meeting_software_development_kit video_software_development_kit zoom | Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access. | Update | NVD-CWE-Other | CVE-2023-43585 | 2024-09-28 05:15 | 2023-12-14 |
| 99 | 7.8 HIGH Local | zoom | rooms | Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | Update | NVD-CWE-noinfo | CVE-2023-43591 | 2024-09-28 05:15 | 2023-11-15 |
| 100 | 6.5 MEDIUM Network | zoom | meeting_software_development_kit zoom virtual_desktop_infrastructure | Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access. | Update | CWE-287 Improper Authentication | CVE-2023-39215 | 2024-09-28 05:15 | 2023-09-13 |