|
1581
|
8.1 |
HIGH
Network
|
dell
|
smartfabric_os10
|
Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentia…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-39585
|
2024-09-17 11:15 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1582
|
5.4 |
MEDIUM
Network
|
cyberchimps
|
ifeature_slider
|
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress.
|
CWE-79
Cross-site Scripting
|
CVE-2022-45375
|
2024-09-17 11:15 |
2022-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1583
|
7.5 |
HIGH
Network
device42
|
cmdb
|
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with roo…
|
CWE-863
Incorrect Authorization
|
CVE-2022-1401
|
2024-09-17 11:15 |
2022-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1584
|
9.8 |
CRITICAL
Network
dell
oracle
|
bsafe_crypto-c-micro-edition
bsafe_micro-edition-suite
http_server
security_service
database
weblogic_server_proxy_plug-in
|
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
|
NVD-CWE-Other
|
CVE-2020-35166
|
2024-09-17 11:15 |
2022-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1585
|
8.8 |
HIGH
Network
|
admin_management_xtended_project
|
admin_management_xtended
|
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress.
|
CWE-352
Origin Validation Error
|
CVE-2022-29450
|
2024-09-17 11:15 |
2022-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1586
|
5.5 |
MEDIUM
Local
|
mongodb
|
mongodb
|
Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2021-32039
|
2024-09-17 11:15 |
2022-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1587
|
5.4 |
MEDIUM
Network
|
ibm
|
financial_transaction_manager
|
IBM Financial Transaction Manager 3.2.0 through 3.2.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende…
|
CWE-79
Cross-site Scripting
|
CVE-2020-5000
|
2024-09-17 11:15 |
2021-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1588
|
4.4 |
MEDIUM
Local
|
mongodb
|
rust_driver
|
Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logg…
|
NVD-CWE-noinfo
|
CVE-2021-20332
|
2024-09-17 11:15 |
2021-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1589
|
4.6 |
MEDIUM
Adjacent
|
mongodb
|
ops_manager
|
For MongoDB Ops Manager versions prior to and including 4.2.24 with multiple OM application servers, that have SSL turned on for their MongoDB processes, the upgrade to MongoDB Ops Manager versions p…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2021-20335
|
2024-09-17 11:15 |
2021-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1590
|
6.5 |
MEDIUM
Network
|
mongodb
|
ops_manager
|
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 version…
|
NVD-CWE-noinfo
|
CVE-2020-7927
|
2024-09-17 11:15 |
2020-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
