31
|
6.1 |
MEDIUM
Network
|
damienharper
|
auditor-bundle
|
auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-45592
|
2024-09-21 04:57 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
32
|
5.3 |
MEDIUM
Network
xwiki
|
xwiki
|
XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the pa…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-45591
|
2024-09-21 04:55 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
33
|
7.3 |
HIGH
Network
fortinet
|
forticlient_enterprise_management_server
|
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthe…
Update
|
CWE-77
Command Injection
|
CVE-2024-33508
|
2024-09-21 04:48 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
34
|
6.5 |
MEDIUM
Network
|
fortinet
|
fortisandbox
|
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 al…
Update
|
NVD-CWE-noinfo
|
CVE-2024-31490
|
2024-09-21 04:48 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
35
|
4.6 |
MEDIUM
Physics
|
fortinet
|
forticlient
|
A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions m…
Update
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-35282
|
2024-09-21 04:44 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
36
|
3.7 |
LOW
Network
|
fortinet
|
fortiadc
|
An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2…
Update
|
NVD-CWE-noinfo
|
CVE-2024-36511
|
2024-09-21 04:43 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
37
|
7.1 |
HIGH
Local
|
citrix
|
workspace
|
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privilege…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2024-42423
|
2024-09-21 04:42 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
38
|
8.1 |
HIGH
Network
|
fortinet
|
forticlient
|
AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 thr…
Update
|
CWE-295
Improper Certificate Validation
|
CVE-2024-31489
|
2024-09-21 04:41 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
39
|
- |
|
-
|
-
|
The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. Howeve…
New
|
-
|
CVE-2024-45229
|
2024-09-21 04:35 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
40
|
7.8 |
HIGH
Local
|
sonicwall
|
netextender
|
A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running…
Update
|
NVD-CWE-noinfo
|
CVE-2023-44217
|
2024-09-21 04:35 |
2023-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|