21
|
5.3 |
MEDIUM
Network
secreto31126
|
whatsapp-api-js
|
whatsapp-api-js is a TypeScript server-agnostic framework for WhatsApp's Official API. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the…
Update
|
NVD-CWE-Other
|
CVE-2024-45607
|
2024-09-19 11:05 |
2024-09-13 |
|
|
|
22
|
8.8 |
HIGH
Network
|
rockwellautomation
|
2800c_optixpanel_compact_firmware 2800s_optixpanel_standard_firmware embedded_edge_compute_module_firmware
|
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials an…
Update
|
CWE-276
Incorrect Default Permissions
|
CVE-2024-8533
|
2024-09-19 10:57 |
2024-09-13 |
|
|
23
|
9.8 |
CRITICAL
Network
rockwellautomation
|
pavilion8
|
A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execut…
Update
|
CWE-22
Path Traversal
|
CVE-2024-7961
|
2024-09-19 10:52 |
2024-09-13 |
|
|
|
24
|
9.1 |
CRITICAL
Network
rockwellautomation
|
pavilion8
|
The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect pri…
Update
|
NVD-CWE-noinfo
|
CVE-2024-7960
|
2024-09-19 10:52 |
2024-09-13 |
|
|
|
25
|
4.3 |
MEDIUM
Network
|
lenovo
|
xclarity_administrator
|
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges.
Update
|
NVD-CWE-noinfo
|
CVE-2024-45103
|
2024-09-19 10:50 |
2024-09-14 |
|
|
26
|
6.5 |
MEDIUM
Network
|
lenovo
|
xclarity_administrator
|
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
Update
|
NVD-CWE-noinfo
|
CVE-2024-45104
|
2024-09-19 10:49 |
2024-09-14 |
|
|
27
|
9.8 |
CRITICAL
Network
heyewei
|
jfinalcms
|
A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads t…
Update
|
CWE-22
Path Traversal
|
CVE-2024-8782
|
2024-09-19 10:46 |
2024-09-14 |
|
|
|
28
|
6.5 |
MEDIUM
Adjacent
|
zephyrproject
|
zephyr
|
BT: Encryption procedure host vulnerability
Update
|
NVD-CWE-noinfo
|
CVE-2024-5754
|
2024-09-19 10:44 |
2024-09-14 |
|
|
29
|
6.5 |
MEDIUM
Adjacent
|
zephyrproject
|
zephyr
|
BT: Missing length checks of net_buf in rfcomm_handle_data
Update
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2024-6258
|
2024-09-19 10:40 |
2024-09-14 |
|
|
30
|
9.8 |
CRITICAL
Network
mayurik
|
best_free_law_office_management
|
SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/con…
Update
|
CWE-89
SQL Injection
|
CVE-2024-44430
|
2024-09-19 10:38 |
2024-09-14 |
|
|
|