|
1681
|
5.3 |
MEDIUM
Network
krontech
|
single_connect
|
Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module. A remote attacker could exploit this vulnerability to access the device information page. The exploita…
|
CWE-862
Missing Authorization
|
CVE-2021-44794
|
2024-09-17 04:16 |
2022-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1682
|
8.8 |
HIGH
Network
|
wordpress_popular_posts_project
|
wordpress_popular_posts
|
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attac…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-42362
|
2024-09-17 04:16 |
2021-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1683
|
4.8 |
MEDIUM
Network
|
wp_maintenance_project
|
wp_maintenance
|
Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance plugin <= 6.0.7 versions.
|
CWE-79
Cross-site Scripting
|
CVE-2021-36828
|
2024-09-17 04:15 |
2022-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1684
|
5.5 |
MEDIUM
Local
|
telenot
|
compasx
|
Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total …
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2021-34600
|
2024-09-17 04:15 |
2022-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1685
|
8.8 |
HIGH
Network
|
solarwinds
|
orion_platform
|
Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and pass…
|
CWE-89
SQL Injection
|
CVE-2021-35234
|
2024-09-17 04:15 |
2021-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1686
|
6.8 |
MEDIUM
Adjacent
|
mongodb
quarkus
|
java_driver
quarkus
|
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in comb…
|
CWE-295
Improper Certificate Validation
|
CVE-2021-20328
|
2024-09-17 04:15 |
2021-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1687
|
9.8 |
CRITICAL
Network
talyabilisim
|
travel_apps
|
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS:…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-1107
|
2024-09-17 04:08 |
2024-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1688
|
4.8 |
MEDIUM
Local
|
libssh
redhat
fedoraproject
|
libssh
enterprise_linux
fedora
|
A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code in…
|
CWE-74
Injection
|
CVE-2023-6004
|
2024-09-17 03:15 |
2024-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1689
|
5.3 |
MEDIUM
Network
libssh
redhat
fedoraproject
|
libssh
enterprise_linux
fedora
|
A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. The return values from these were not properly checked,…
|
CWE-252
Unchecked Return Value
|
CVE-2023-6918
|
2024-09-17 03:15 |
2023-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1690
|
7.4 |
HIGH
Network
|
velneo
|
vclient
|
Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server.
|
CWE-287
Improper Authentication
|
CVE-2021-45036
|
2024-09-17 03:15 |
2022-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
