1071 | 4.8 | MEDIUM Network | concretecms | concrete_cms | Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete C… | CWE-79 Cross-site Scripting | CVE-2024-8291 | 2024-10-1 00:59 | 2024-09-25
1072 | 2.7 | LOW Network | github | enterprise_server | An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of G… | NVD-CWE-noinfo | CVE-2024-8263 | 2024-10-1 00:57 | 2024-09-24
1073 | 7.5 | HIGH Network | ibm | aspera_console | IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerabilit… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2022-43845 | 2024-10-1 00:53 | 2024-09-25
1074 | 4.9 | MEDIUM Network | zyxel | wx5600-t0_firmware wx3401-b0_firmware wx3100-t0_firmware scr50axe_firmware px3321-t1_firmware pm7300-t0_firmware pm5100-t0_firmware pm3100-t0_firmware ax7501-b1_firmware vm… | An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated at… | NVD-CWE-noinfo | CVE-2024-38268 | 2024-10-1 00:52 | 2024-09-24
1075 | 4.9 | MEDIUM Network | zyxel | wx5600-t0_firmware wx3401-b0_firmware wx3100-t0_firmware scr50axe_firmware px3321-t1_firmware pm7300-t0_firmware pm5100-t0_firmware pm3100-t0_firmware ax7501-b1_firmware vm… | An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated a… | NVD-CWE-noinfo | CVE-2024-38267 | 2024-10-1 00:52 | 2024-09-24
1076 | 4.9 | MEDIUM Network | zyxel | wx5600-t0_firmware wx3401-b0_firmware wx3100-t0_firmware scr50axe_firmware px3321-t1_firmware pm7300-t0_firmware pm5100-t0_firmware pm3100-t0_firmware ax7501-b1_firmware vm… | An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authentica… | NVD-CWE-noinfo | CVE-2024-38269 | 2024-10-1 00:51 | 2024-09-24
1077 | 8.0 | HIGH Network | ibm | aspera_console | IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a CSV injection vulnerability. By persuading a victim to open a s… | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2021-38963 | 2024-10-1 00:48 | 2024-09-25
1078 | 6.8 | MEDIUM Physical | sony | xav-ax5500_firmware | Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installa… | CWE-120 Classic Buffer Overflow | CVE-2024-23972 | 2024-10-1 00:37 | 2024-09-24
1079 | 6.8 | MEDIUM Physical | sony | xav-ax5500_firmware | Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations… | CWE-345 Insufficient Verification of Data Authenticity | CVE-2024-23922 | 2024-10-1 00:37 | 2024-09-24
1080 | 8.8 | HIGH Network | checkmk | checkmk | Bypass of two factor authentication in RestAPI in Checkmk < 2.3.0p16 and < 2.2.0p34 allows authenticated users to bypass two factor authentication | CWE-863 Incorrect Authorization | CVE-2024-8606 | 2024-10-1 00:32 | 2024-09-23