|
601
|
7.1 |
HIGH
Local
|
moxa
|
mxview_one
mxview_one_central_manager
|
The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensit…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-6785
|
2024-09-28 03:59 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
602
|
8.8 |
HIGH
Network
|
phoenixcontact
|
tc_mguard_rs4000_4g_vzw_vpn_firmware
tc_mguard_rs4000_4g_vpn_firmware
tc_mguard_rs4000_4g_att_vpn_firmware
tc_mguard_rs4000_3g_vpn_firmware
tc_mguard_rs2000_4g_vzw_vpn_firmware
tc_mgua…
|
An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.
|
CWE-78
OS Command
|
CVE-2024-7699
|
2024-09-28 03:59 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
603
|
7.8 |
HIGH
Local
|
logitech
|
logi_options\+
|
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuse…
|
CWE-94
Code Injection
|
CVE-2024-8258
|
2024-09-28 03:56 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
604
|
9.8 |
CRITICAL
Network
millbeck
|
proroute_h685t-w_firmware
|
There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.
|
CWE-78
OS Command
|
CVE-2024-45682
|
2024-09-28 03:54 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
605
|
4.7 |
MEDIUM
Network
|
meowapps
|
ai_engine
|
The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing ch…
|
CWE-89
SQL Injection
|
CVE-2024-6723
|
2024-09-28 03:50 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
606
|
6.8 |
MEDIUM
Network
|
cilium
|
cilium
|
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore lab…
|
CWE-362
Race Condition
|
CVE-2024-42488
|
2024-09-28 03:49 |
2024-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
607
|
6.1 |
MEDIUM
Network
|
wp-unit
|
share_this_image
|
The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link p…
|
CWE-601
Open Redirect
|
CVE-2024-8761
|
2024-09-28 03:41 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
608
|
6.5 |
MEDIUM
Network
|
wp-property-hive
|
propertyhive
|
The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_accou…
|
CWE-352
Origin Validation Error
|
CVE-2024-8490
|
2024-09-28 03:36 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
609
|
4.8 |
MEDIUM
Network
|
majeedraza
|
carousel_slider
|
The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks eve…
|
CWE-79
Cross-site Scripting
|
CVE-2024-6850
|
2024-09-28 03:30 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
610
|
7.2 |
HIGH
Network
|
nsqua
|
simply_schedule_appointments
|
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.43 does not escape template syntax provided via user input, leading to Twig Template Injec…
|
NVD-CWE-Other
|
CVE-2024-7129
|
2024-09-28 03:26 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
