|
621
|
5.3 |
MEDIUM
Network
microsoft
|
windows_server_2012
windows_server_2016
windows_server_2019
windows_server_2022
|
DHCP Server Service Information Disclosure Vulnerability
Update
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2023-29355
|
2024-10-2 01:35 |
2023-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
622
|
5.3 |
MEDIUM
Network
atlassian
|
confluence_data_center
confluence_server
|
Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Informa…
Update
|
NVD-CWE-noinfo
|
CVE-2023-22503
|
2024-10-2 01:35 |
2023-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
623
|
5.4 |
MEDIUM
Network
|
strangerstudios
|
paid_memberships_pro
|
The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as lo…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-4830
|
2024-10-2 01:35 |
2023-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
624
|
5.4 |
MEDIUM
Network
|
3dflipbook
|
3d_flipbook
|
The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Con…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-4453
|
2024-10-2 01:35 |
2023-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
625
|
9.8 |
CRITICAL
Network
doverfuelingsolutions
|
progauge_maglink_lx_console_firmware
progauge_maglink_lx4_console_firmware
|
An attacker can directly request the ProGauge MAGLINK LX CONSOLE
resource sub page with full privileges by requesting the URL directly.
Update
|
NVD-CWE-Other
|
CVE-2024-43692
|
2024-10-2 01:22 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
626
|
9.8 |
CRITICAL
Network
doverfuelingsolutions
|
progauge_maglink_lx_console_firmware
progauge_maglink_lx4_console_firmware
|
A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP
sub-menu can allow a remote attacker to inject arbitrary commands.
Update
|
CWE-77
Command Injection
|
CVE-2024-45066
|
2024-10-2 01:18 |
2024-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
627
|
- |
|
-
|
-
|
A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox E…
New
|
-
|
CVE-2024-9399
|
2024-10-2 01:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
628
|
- |
|
-
|
-
|
By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vuln…
New
|
-
|
CVE-2024-9398
|
2024-10-2 01:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
629
|
- |
|
-
|
-
|
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 1…
New
|
-
|
CVE-2024-9397
|
2024-10-2 01:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
630
|
- |
|
-
|
-
|
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog.
*This bug only affects Firefox for Android. Other versions o…
New
|
-
|
CVE-2024-9395
|
2024-10-2 01:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
