331
|
5.9 |
MEDIUM
Network
|
moxa
|
mxview_one
|
This vulnerability occurs when an attacker exploits a race condition between the time a file is checked and the time it is used (TOCTOU). By exploiting this race condition, an attacker can write arbi…
Update
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2024-6787
|
2024-10-1 03:02 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
332
|
6.1 |
MEDIUM
Network
|
rws
|
multitrans
|
An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-43025
|
2024-10-1 02:51 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
333
|
5.3 |
MEDIUM
Network
coffee2code
|
remember_me_controls
|
The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin allowing direct access to the bootstrap.php …
Update
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-7415
|
2024-10-1 02:46 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
334
|
8.2 |
HIGH
Network
|
scriptcase
|
scriptcase
|
Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others. This vulnera…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8942
|
2024-10-1 02:39 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
335
|
6.1 |
MEDIUM
Network
|
rollupjs
|
rollup
|
Rollup is a module bundler for JavaScript. Versions prior to 3.29.5 and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `impor…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-47068
|
2024-10-1 02:39 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
336
|
7.5 |
HIGH
Network
linuxptp_project
|
linuxptp
|
An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function
Update
|
NVD-CWE-noinfo
|
CVE-2024-42861
|
2024-10-1 02:35 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
337
|
9.8 |
CRITICAL
Network
oracle
|
webcenter_portal utilities_framework retail_assortment_planning coherence rapid_planning communications_diameter_signaling_router healthcare_data_repository commerce_platform
|
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-2555
|
2024-10-1 02:35 |
2020-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
338
|
8.8 |
HIGH
Local
|
oracle
|
solaris
|
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker …
Update
|
NVD-CWE-noinfo
|
CVE-2019-3010
|
2024-10-1 02:35 |
2019-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
339
|
6.1 |
MEDIUM
Network
|
flowiseai
|
embed flowise
|
Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9148
|
2024-10-1 02:34 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
340
|
- |
|
-
|
-
|
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary code into the NNM UI via the local CLI.
New
|
-
|
CVE-2024-9158
|
2024-10-1 02:15 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|