31
|
8.8 |
HIGH
Network
|
dell
|
data_domain_operating_system
|
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could pote…
Update
|
CWE-78
OS Command
|
CVE-2024-37140
|
2024-09-24 06:01 |
2024-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
32
|
4.4 |
MEDIUM
Local
|
dell
|
data_domain_operating_system
|
Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading…
Update
|
CWE-89
SQL Injection
|
CVE-2024-29174
|
2024-09-24 06:00 |
2024-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
33
|
- |
|
-
|
-
|
A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field of Custom Fields messa…
New
|
-
|
CVE-2024-46639
|
2024-09-24 05:35 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
34
|
- |
|
-
|
-
|
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.
New
|
-
|
CVE-2024-37779
|
2024-09-24 05:35 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
35
|
- |
|
-
|
-
|
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs.
New
|
-
|
CVE-2024-39843
|
2024-09-24 05:35 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
36
|
- |
|
-
|
-
|
Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process th…
New
|
-
|
CVE-2024-39342
|
2024-09-24 05:35 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
37
|
8.8 |
HIGH
Network
|
dedecms
|
dedecms
|
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2023-43226
|
2024-09-24 05:35 |
2023-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
38
|
5.4 |
MEDIUM
Network
|
e107
|
e107_cms
|
Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Ta…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2023-43874
|
2024-09-24 05:35 |
2023-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
39
|
7.8 |
HIGH
Local
|
binalyze
|
irec
|
An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver.
Update
|
NVD-CWE-noinfo
|
CVE-2023-41444
|
2024-09-24 05:35 |
2023-09-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
40
|
7.2 |
HIGH
Network
|
fileorganizer
|
fileorganizer
|
The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server.
Update
|
-
|
CVE-2023-3664
|
2024-09-24 05:35 |
2023-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|