|
61
|
5.5 |
MEDIUM
Local
|
ibm
|
aix
vios
|
IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476.
Update
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2023-40371
|
2024-09-21 04:15 |
2023-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
62
|
6.5 |
MEDIUM
Network
|
brainstormforce
|
starter_templates
|
Missing Authorization vulnerability in Brainstorm Force Premium Starter Templates, Brainstorm Force Starter Templates astra-sites.This issue affects Premium Starter Templates: from n/a through 3.2.5;…
Update
|
CWE-862
Missing Authorization
|
CVE-2023-41805
|
2024-09-21 04:07 |
2024-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
63
|
8.8 |
HIGH
Network
|
brainstormforce
|
astra
|
Missing Authorization vulnerability in Brainstorm Force Astra Bulk Edit.This issue affects Astra Bulk Edit: from n/a through 1.2.7.
Update
|
CWE-862
Missing Authorization
|
CVE-2023-44148
|
2024-09-21 04:05 |
2024-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
64
|
7.5 |
HIGH
Network
conduit
|
conduit
|
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs
Update
|
CWE-346
Origin Validation Error
|
CVE-2024-6301
|
2024-09-21 03:58 |
2024-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
65
|
9.8 |
CRITICAL
Network
microsoft
|
windows_10_1809
windows_server_2019
windows_server_2022
windows_11_21h2
windows_10_21h2
windows_11_22h2
windows_10_22h2
windows_11_23h2
windows_server_2022_23h2
windows_11_…
|
Windows TCP/IP Remote Code Execution Vulnerability
Update
|
NVD-CWE-noinfo
|
CVE-2024-21416
|
2024-09-21 03:55 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
66
|
5.5 |
MEDIUM
Local
|
conduit
|
conduit
|
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to sen…
Update
|
NVD-CWE-Other
|
CVE-2024-6302
|
2024-09-21 03:42 |
2024-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
67
|
- |
|
-
|
-
|
Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function.
New
|
-
|
CVE-2024-42697
|
2024-09-21 03:35 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
68
|
5.4 |
MEDIUM
Network
|
librenms
|
librenms
|
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2023-4979
|
2024-09-21 03:35 |
2023-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
69
|
8.8 |
HIGH
Network
|
conduit
|
conduit
|
Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias t…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-6303
|
2024-09-21 03:34 |
2024-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
70
|
8.8 |
HIGH
Network
|
brainstormforce
|
pre-publish_checklist
|
Missing Authorization vulnerability in Brainstorm Force Pre-Publish Checklist.This issue affects Pre-Publish Checklist: from n/a through 1.1.1.
Update
|
CWE-862
Missing Authorization
|
CVE-2023-44151
|
2024-09-21 03:17 |
2024-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
