|
181
|
7.8 |
HIGH
Local
|
zoom
|
zoom
video_software_development_kit
meeting_software_development_kit
virtual_desktop_infrastructure
|
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of p…
Update
|
NVD-CWE-noinfo
|
CVE-2023-49647
|
2024-09-21 00:15 |
2024-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
182
|
6.5 |
MEDIUM
Network
|
zoom
|
zoom
virtual_desktop_infrastructure
meeting_software_development_kit
video_software_development_kit
|
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.
Update
|
CWE-287
Improper Authentication
|
CVE-2023-49646
|
2024-09-21 00:15 |
2023-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
183
|
6.5 |
MEDIUM
Network
|
zoom
|
meetings
virtual_desktop_infrastructure
zoom
|
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.
Update
|
NVD-CWE-Other
|
CVE-2023-43588
|
2024-09-21 00:15 |
2023-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
184
|
7.5 |
HIGH
Network
litellm
|
litellm
|
A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/c…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-6587
|
2024-09-20 23:55 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
185
|
9.8 |
CRITICAL
Network
thinkphp
|
thinkphp
|
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-44902
|
2024-09-20 23:55 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
186
|
9.1 |
CRITICAL
Network
baxter
|
connex_health_portal
|
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex po…
Update
|
NVD-CWE-noinfo
|
CVE-2024-6796
|
2024-09-20 23:53 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
187
|
9.8 |
CRITICAL
Network
baxter
|
connex_health_portal
|
In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database.…
Update
|
CWE-89
SQL Injection
|
CVE-2024-6795
|
2024-09-20 23:53 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
188
|
9.8 |
CRITICAL
Network
sfs
|
winsure
|
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2.
Update
|
CWE-94
Code Injection
|
CVE-2024-7104
|
2024-09-20 23:44 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
189
|
7.8 |
HIGH
Local
|
ui
|
unifi_network_application
|
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell acces…
Update
|
CWE-77
Command Injection
|
CVE-2024-42025
|
2024-09-20 23:40 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
190
|
- |
|
-
|
-
|
runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive the video and audi…
Update
|
-
|
CVE-2024-46959
|
2024-09-20 23:35 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
