131 | 7.5 | HIGH | Network | loytec | l-inx_configurator | LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Cleartext storage of credentials allows remote attackers to disclose admin password and bypass an authe… | Update | CWE-312 Cleartext Storage of Sensitive Information | CVE-2023-46384 | 2024-09-21 02:15 | 2023-12-1
132 | 7.5 | HIGH | Network | loytec | l-inx_configurator | LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the p… | Update | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2023-46383 | 2024-09-21 02:15 | 2023-12-1
133 | 9.8 | CRITICAL | Network | sfs | winsure | Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection. This issue affects ww.Winsure: before 4.6.2. | Update | CWE-611 XXE | CVE-2024-7098 | 2024-09-21 02:14 | 2024-09-17
134 | 9.8 | CRITICAL | Network | sfs | insuree_gl | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection. This issue affects InsureE GL: before 4.6.2. | Update | CWE-89 SQL Injection | CVE-2024-6401 | 2024-09-21 02:07 | 2024-09-17
135 | 7.8 | HIGH | Local | refuel | autolabel | An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a use… | Update | CWE-1236 Improper Neutralization of Formula Elements in a CSV File | CVE-2024-27321 | 2024-09-21 02:06 | 2024-09-12
136 | 8.8 | HIGH | Network | oretnom23 | simple_forum/discussion_system | A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argu… | New | CWE-22 Path Traversal | CVE-2024-9032 | 2024-09-21 02:04 | 2024-09-20
137 | 9.8 | CRITICAL | Network | best_online_news_portal_project | best_online_news_portal | A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. This vulnerability affects unknown code of the file /news-details.php of the component Comment Section.… | Update | CWE-89 SQL Injection | CVE-2024-9008 | 2024-09-21 02:01 | 2024-09-20
138 | 8.1 | HIGH | Network | totolink | a720r_firmware | A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack… | Update | CWE-78 OS Command | CVE-2024-8869 | 2024-09-21 01:59 | 2024-09-15
139 | 7.5 | HIGH | Network | xiaohe4966 | tpmecms | A vulnerability, which was classified as problematic, has been found in xiaohe4966 TpMeCMS up to 1.3.3.1. Affected by this issue is some unknown functionality of the file /index/ajax/lang. The manipu… | Update | CWE-22 Path Traversal | CVE-2024-8876 | 2024-09-21 01:58 | 2024-09-16
140 | 6.7 | MEDIUM | Local | cisco | identity_services_engine | A vulnerability in specific CLI commands in Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system a… | Update | CWE-78 OS Command | CVE-2024-20469 | 2024-09-21 01:58 | 2024-09-5