|
1811
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access protected user data.
|
NVD-CWE-noinfo
|
CVE-2024-40801
|
2024-09-25 00:43 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1812
|
5.5 |
MEDIUM
Local
|
apple
|
macos
ipados
iphone_os
visionos
watchos
tvos
|
A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, …
|
NVD-CWE-noinfo
|
CVE-2024-40850
|
2024-09-25 00:41 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1813
|
6.1 |
MEDIUM
Network
|
dedecms
|
dedecms
|
DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module.
|
CWE-79
Cross-site Scripting
|
CVE-2024-46372
|
2024-09-25 00:40 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1814
|
7.5 |
HIGH
Network
draytek
|
vigor3910_firmware
|
Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craft…
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-46590
|
2024-09-25 00:23 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1815
|
6.5 |
MEDIUM
Network
|
acquia
|
mautic
|
Prior to the patched version, logged in users of Mautic are able to access areas of the application that they should be prevented from accessing.
Users could potentially access sensitive data such a…
|
CWE-276
Incorrect Default Permissions
|
CVE-2022-25776
|
2024-09-25 00:19 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1816
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the file system.
|
NVD-CWE-noinfo
|
CVE-2024-40843
|
2024-09-25 00:02 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1817
|
5.5 |
MEDIUM
Local
|
apple
|
macos
|
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.
|
NVD-CWE-noinfo
|
CVE-2024-40842
|
2024-09-24 23:56 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1818
|
7.5 |
HIGH
Network
apple
|
macos
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. A non-privileged user may be able to modify restricted network settings.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2024-40770
|
2024-09-24 23:55 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1819
|
4.3 |
MEDIUM
Adjacent
|
google
|
nearby
|
There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the us…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2024-38272
|
2024-09-24 23:34 |
2024-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1820
|
8.8 |
HIGH
Network
|
mintplexlabs
|
anythingllm
|
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded li…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-3149
|
2024-09-24 23:19 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
