|
1741
|
9.8 |
CRITICAL
Network
secom
|
dr.id_attendance_system
|
Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database cont…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7732
|
2024-09-17 01:49 |
2024-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1742
|
7.8 |
HIGH
Local
|
ultimaker
|
ultimaker_cura
|
UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). The vulnerability arises from improper handling of th…
|
CWE-94
Code Injection
|
CVE-2024-8374
|
2024-09-17 01:44 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1743
|
5.5 |
MEDIUM
Local
|
artifex
|
mupdf
|
The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF docume…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-10221
|
2024-09-17 01:35 |
2017-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1744
|
6.4 |
MEDIUM
Network
|
halo
|
halo
|
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious …
|
CWE-79
Cross-site Scripting
|
CVE-2024-43793
|
2024-09-17 01:28 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1745
|
6.1 |
MEDIUM
Network
|
halo
|
halo
|
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious …
|
CWE-79
Cross-site Scripting
|
CVE-2024-43792
|
2024-09-17 01:26 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1746
|
8.2 |
HIGH
Network
sap
|
bex_web_java_runtime_export_web_service
|
BEx Web Java Runtime Export Web Service does not
sufficiently validate an XML document accepted from an untrusted source. An
attacker can retrieve information from the SAP ADS system and exhaust the
…
|
CWE-91
Blind XPath Injection
|
CVE-2024-42374
|
2024-09-17 01:25 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1747
|
9.1 |
CRITICAL
Network
sap
|
commerce_cloud
|
Some OCC API endpoints in SAP Commerce Cloud
allows Personally Identifiable Information (PII) data, such as passwords, email
addresses, mobile numbers, coupon codes, and voucher codes, to be included…
|
NVD-CWE-noinfo
|
CVE-2024-33003
|
2024-09-17 01:22 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1748
|
7.5 |
HIGH
Network
github
|
actions\/artifact
actions_toolkit
|
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downl…
|
CWE-22
Path Traversal
|
CVE-2024-42471
|
2024-09-17 01:18 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1749
|
4.3 |
MEDIUM
Network
|
sap
|
business_objects_business_intelligence_platform
|
SAP BusinessObjects Business Intelligence
Platform allows an authenticated attacker to upload malicious code over the
network, that could be executed by the application. On successful
exploitat…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-28166
|
2024-09-17 01:17 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1750
|
5.3 |
MEDIUM
Network
mainwww
|
mwcms
|
A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7705
|
2024-09-17 01:15 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
