|
71
|
9.8 |
CRITICAL
Network
man
|
d-tale
|
D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrad…
Update
|
NVD-CWE-noinfo
|
CVE-2024-45595
|
2024-09-21 04:59 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
72
|
8.8 |
HIGH
Network
|
nixos
|
nix
|
Nix is a package manager for Linux and other Unix systems. A bug in Nix 2.24 prior to 2.24.6 allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to a…
Update
|
CWE-22
Path Traversal
|
CVE-2024-45593
|
2024-09-21 04:57 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
73
|
6.1 |
MEDIUM
Network
|
damienharper
|
auditor-bundle
|
auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-45592
|
2024-09-21 04:57 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
74
|
5.3 |
MEDIUM
Network
xwiki
|
xwiki
|
XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the pa…
Update
|
CWE-862
Missing Authorization
|
CVE-2024-45591
|
2024-09-21 04:55 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
75
|
7.3 |
HIGH
Network
fortinet
|
forticlient_enterprise_management_server
|
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthe…
Update
|
CWE-77
Command Injection
|
CVE-2024-33508
|
2024-09-21 04:48 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
76
|
6.5 |
MEDIUM
Network
|
fortinet
|
fortisandbox
|
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5 al…
Update
|
NVD-CWE-noinfo
|
CVE-2024-31490
|
2024-09-21 04:48 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
77
|
4.6 |
MEDIUM
Physics
|
fortinet
|
forticlient
|
A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions m…
Update
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-35282
|
2024-09-21 04:44 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
78
|
3.7 |
LOW
Network
|
fortinet
|
fortiadc
|
An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2…
Update
|
NVD-CWE-noinfo
|
CVE-2024-36511
|
2024-09-21 04:43 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
79
|
7.1 |
HIGH
Local
|
citrix
|
workspace
|
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privilege…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2024-42423
|
2024-09-21 04:42 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
80
|
8.1 |
HIGH
Network
|
fortinet
|
forticlient
|
AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 thr…
Update
|
CWE-295
Improper Certificate Validation
|
CVE-2024-31489
|
2024-09-21 04:41 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
