211 | - | | - | - | Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-… | New | CWE-400 Uncontrolled Resource Consumption | CVE-2024-52520 | 2024-11-16 02:35 | 2024-11-16
212 | 4.9 | MEDIUM Network | - | - | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This… | New | CWE-20 Improper Input Validation | CVE-2021-1470 | 2024-11-16 02:35 | 2024-11-16
213 | 7.8 | HIGH Local | dell | smartfabric_os10 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit … | Update | CWE-77 Command Injection | CVE-2024-49560 | 2024-11-16 02:35 | 2024-11-12
214 | 7.8 | HIGH Local | dell | smartfabric_os10 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potenti… | Update | NVD-CWE-noinfo | CVE-2024-49558 | 2024-11-16 02:35 | 2024-11-12
215 | 8.8 | HIGH Network | anisha | job_recruitment | A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulat… | Update | CWE-89 SQL Injection | CVE-2024-11127 | 2024-11-16 02:29 | 2024-11-13
216 | 7.5 | HIGH Network | eclipse | mosquitto | In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "U… | Update | CWE-416 Use After Free; CWE-401 Missing Release of Memory after Effective Lifetime; CWE-755 Improper Handling of Exceptional Conditions | CVE-2024-8376 | 2024-11-16 02:21 | 2024-10-12
217 | 5.4 | MEDIUM Network | nicheaddons | sales_page_addon | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Sales Page Addon – Elementor & Beaver Builder allows Stored XSS. This issue aff… | Update | CWE-79 Cross-site Scripting | CVE-2024-51585 | 2024-11-16 02:17 | 2024-11-10
218 | 5.4 | MEDIUM Network | modernaweb | black_widgets_for_elementor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS. This issue affects Black W… | Update | CWE-79 Cross-site Scripting | CVE-2024-51662 | 2024-11-16 02:16 | 2024-11-9
219 | - | | - | - | Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. Budget Control Gateway does not properly validate auth tokens,… | New | CWE-285 Improper Authorization | CVE-2024-52528 | 2024-11-16 02:15 | 2024-11-16
220 | - | | - | - | Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved i… | New | CWE-312 Cleartext Storage of Sensitive Information | CVE-2024-52525 | 2024-11-16 02:15 | 2024-11-16