2561
|
4.3 |
MEDIUM
Network
|
63moons
|
aero wave_2.0
|
This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-51560
|
2024-11-9 00:18 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2562
|
6.1 |
MEDIUM
Network
|
google_docs_rsvp_project
|
google_docs_rsvp
|
Cross-Site Request Forgery (CSRF) vulnerability in Gifford Cheung, Brian Watanabe, Chongsun Ahn Google Docs RSVP allows Stored XSS.This issue affects Google Docs RSVP: from n/a through 2.0.1.
|
CWE-352
Origin Validation Error
|
CVE-2024-49672
|
2024-11-9 00:16 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2563
|
4.6 |
MEDIUM
Physics
|
tp-link
|
tapo_h100_firmware
|
This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-10523
|
2024-11-9 00:14 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2564
|
8.8 |
HIGH
Network
|
microsoft
|
dataverse
|
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
|
NVD-CWE-noinfo
|
CVE-2024-38139
|
2024-11-9 00:14 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2565
|
7.5 |
HIGH
Network
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulner…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2024-45085
|
2024-11-9 00:13 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2566
|
9.8 |
CRITICAL
Network
bg-tek
|
coslat
|
Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection.This issue affects CoslatV3: through 3.1069.
…
|
CWE-94
Code Injection
|
CVE-2024-10035
|
2024-11-9 00:11 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2567
|
5.4 |
MEDIUM
Network
|
salesagility
|
suitecrm
|
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. The "Publish Key" field in SuiteCRM's Edit Profile page is vulnerable to Reflected Cross-Site…
|
CWE-79
Cross-site Scripting
|
CVE-2024-50335
|
2024-11-9 00:09 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2568
|
9.1 |
CRITICAL
Network
qualcomm
|
wsa8845h_firmware wsa8845_firmware wsa8840_firmware wsa8835_firmware wsa8832_firmware wsa8830_firmware wsa8815_firmware wsa8810_firmware wcn7881_firmware wcn7880_firmware
|
Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.
|
NVD-CWE-noinfo
|
CVE-2024-38408
|
2024-11-9 00:07 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2569
|
6.1 |
MEDIUM
Network
|
flycart
|
discount_rules_for_woocommerce
|
The Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of a…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8541
|
2024-11-9 00:07 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2570
|
8.8 |
HIGH
Network
|
ibm
|
watson_studio_local
|
IBM Watson Studio Local 1.2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
|
CWE-352
Origin Validation Error
|
CVE-2024-49340
|
2024-11-9 00:06 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|