431 | 7.5 | HIGH | Network | hongdian | h8951-4g-esp_firmware | It is possible to download the configuration backup without authorization and decrypt the included passwords using a hardcoded static key. | CWE-798 (Use of Hard-coded Credentials) | CVE-2023-49256 | 2024-10-11 01:15 | 2024-01-13
432 | 5.4 | MEDIUM | Network | verot | class.upload.php | As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of … | CWE-434 (Unrestricted Upload of File with Dangerous Type) | CVE-2023-6551 | 2024-10-11 01:15 | 2024-01-5
433 | 7.7 | HIGH | Local | coolkit | ewelink | Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0. | NVD-CWE-noinfo | CVE-2023-6998 | 2024-10-11 01:15 | 2023-12-31
434 | 9.8 | CRITICAL | Network | apereo | central_authentication_service | Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7… | CWE-287 (Improper Authentication) | CVE-2023-4612 | 2024-10-11 01:15 | 2023-11-9
435 | 7.5 | HIGH | Network | daurnimator | lua-http | Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted… | CWE-755 (Improper Handling of Exceptional Conditions) | CVE-2023-4540 | 2024-10-11 01:15 | 2023-09-5
436 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: iommu: Restore lost return in iommu_report_device_fault() When iommu_report_device_fault gets called with a partial fault it is s… | NVD-CWE-noinfo | CVE-2024-44994 | 2024-10-11 00:59 | 2024-09-5
437 | 8.8 | HIGH | Network | photoboxone | smtp_mail | Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail. This issue affects SMTP Mail: from n/a through 1.3.20. | - | CVE-2024-25914 | 2024-10-11 00:57 | 2024-02-13
438 | 8.8 | HIGH | Network | sap | netweaver_application_server_java | The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This r… | CWE-79 (Cross-site Scripting) | CVE-2024-22126 | 2024-10-11 00:56 | 2024-02-13
439 | 8.1 | HIGH | Network | microsoft | windows_10_22h2 windows_10_21h2 windows_11_22h2 windows_11_22h3 windows_server_2022 windows_server_23h2 windows_11_23h2 windows_server_2019 windows_10_1809 windows_11_24h2<… | Windows MSHTML Platform Spoofing Vulnerability | NVD-CWE-noinfo | CVE-2024-43573 | 2024-10-11 00:54 | 2024-10-9
440 | 6.5 | MEDIUM | Network | ellucian | banner | Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint. | CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2023-49339 | 2024-10-11 00:47 | 2024-02-13