| 61 | - | | - | - | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name. | New | - | CVE-2024-41583 | 2024-10-4 04:35 | 2024-10-4 |
| 62 | 7.5 | HIGH Adjacent | samsung | syncthru_web_service | An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks. | Update | NVD-CWE-noinfo | CVE-2021-35309 | 2024-10-4 04:35 | 2023-08-23 |
| 63 | 8.8 | HIGH Network | google debian fedoraproject | chrome debian_linux fedora | Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | Update | CWE-787 Out-of-bounds Write | CVE-2023-2137 | 2024-10-4 04:35 | 2023-04-19 |
| 64 | 7.5 | HIGH Network | google debian fedoraproject | chrome debian_linux fedora | Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafte… | Update | CWE-416 Use After Free | CVE-2023-2135 | 2024-10-4 04:35 | 2023-04-19 |
| 65 | 7.2 | HIGH Network | atlassian | jira_data_center jira_server | This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center al… | Update | CWE-94 Code Injection | CVE-2022-36799 | 2024-10-4 04:35 | 2022-08-1 |
| 66 | 9.8 | CRITICAL Network | oracle | weblogic_server | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1… | Update | CWE-502 Deserialization of Untrusted Data | CVE-2018-2628 | 2024-10-4 04:35 | 2018-04-19 |
| 67 | 5.3 | MEDIUM Network | nokia | g-040w-q_firmware | Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, re… | Update | NVD-CWE-noinfo | CVE-2023-41354 | 2024-10-4 04:24 | 2023-11-3 |
| 68 | 7.8 | HIGH Local | pilz codesys festo wago | pmc control_for_beaglebone control_for_empc-a\/imx6 control_for_iot2000 control_for_pfc100 control_for_pfc200 control_for_plcnext control_for_raspberry_pi hmi_v3 control_v3… | In CODESYS V3 products in all versions prior V3.5.16.0 containing the CmpUserMgr, the CODESYS Control runtime system stores the online communication passwords using a weak hashing algorithm. This can… | Update | CWE-916 Use of Password Hash With Insufficient Computational Effort | CVE-2020-12069 | 2024-10-4 04:18 | 2022-12-27 |
| 69 | - | | - | - | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Express. This vulnerability affects the use of the Express Response object. This issue impacts Express: from 3.4.5 before 4.0.0. | New | - | CVE-2024-9266 | 2024-10-4 04:15 | 2024-10-4 |
| 70 | - | | - | - | An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding the PRNG o… | New | - | CVE-2024-41594 | 2024-10-4 04:15 | 2024-10-4 |