151
|
- |
|
-
|
-
|
Advantech ADAM 5550's web application includes a "logs" page where all
the HTTP requests received are displayed to the user. The device doesn't
correctly neutralize malicious code when parsing HTTP…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-38308
|
2024-09-28 03:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
152
|
- |
|
-
|
-
|
Advantech ADAM-5550 share user credentials with a low level of encryption, consisting of base 64 encoding.
New
|
CWE-261
Weak Encoding for Password
|
CVE-2024-37187
|
2024-09-28 03:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
153
|
- |
|
-
|
-
|
Advantech ADAM-5630 shares user credentials plain text between the device and the user source device during the login process.
New
|
CWE-261
Weak Encoding for Password
|
CVE-2024-34542
|
2024-09-28 03:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
154
|
- |
|
-
|
-
|
Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same
origin policy, which is designed to prevent different websites fro…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-28948
|
2024-09-28 03:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
155
|
- |
|
-
|
-
|
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field.
New
|
-
|
CVE-2024-25412
|
2024-09-28 03:15 |
2024-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
156
|
7.5 |
HIGH
Network
juniper
|
junos junos_os_evolved
|
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial o…
Update
|
CWE-20
Improper Input Validation
|
CVE-2023-4481
|
2024-09-28 03:15 |
2023-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
157
|
6.5 |
MEDIUM
Network
|
elliot
|
ilc_thickbox
|
The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-7820
|
2024-09-28 03:08 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
158
|
9.1 |
CRITICAL
Network
matter-labs
|
zkvyper
|
zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompletness restrictions, it is compiled to a loop with a much more late exit conditio…
Update
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2024-43366
|
2024-09-28 03:08 |
2024-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
159
|
6.1 |
MEDIUM
Network
|
gwycon
|
quick_code
|
The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XS…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-7822
|
2024-09-28 03:06 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
160
|
6.5 |
MEDIUM
Network
|
visual_sound_project
|
visual_sound
|
The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Update
|
CWE-352
Origin Validation Error
|
CVE-2024-7859
|
2024-09-28 03:00 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|