991
|
7.2 |
HIGH
Network
|
quttera
|
quttera_web_malware_scanner
|
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks.
|
CWE-22
Path Traversal
|
CVE-2023-6222
|
2024-10-1 04:35 |
2023-12-19 |
|
|
992
|
7.5 |
HIGH
Network
kastle
|
access_control_system_firmware
|
Kastle Systems firmware prior to May 1, 2024, stored machine credentials in cleartext, which may allow an attacker to access sensitive information.
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-45862
|
2024-10-1 04:33 |
2024-09-20 |
|
|
|
993
|
8.8 |
HIGH
Network
|
nozominetworks
|
cmc guardian
|
A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality.
Authenticated users may be ab…
|
CWE-89
SQL Injection
|
CVE-2023-2567
|
2024-10-1 04:32 |
2023-09-19 |
|
|
994
|
8.8 |
HIGH
Network
|
nozominetworks
|
cmc guardian
|
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL stat…
|
CWE-89
SQL Injection
|
CVE-2023-23574
|
2024-10-1 04:30 |
2023-08-9 |
|
|
995
|
7.5 |
HIGH
Network
kastle
|
access_control_system_firmware
|
Kastle Systems firmware prior to May 1, 2024, contained a hard-coded credential, which if accessed may allow an attacker to access sensitive information.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-45861
|
2024-10-1 04:25 |
2024-09-20 |
|
|
|
996
|
9.8 |
CRITICAL
Network
-
|
-
|
Rejected reason: Duplicate of CVE-2024-45806.
|
-
|
CVE-2024-7207
|
2024-10-1 04:15 |
2024-09-20 |
|
|
|
997
|
9.8 |
CRITICAL
Network
github
|
enterprise_server
|
An XML signature wrapping vulnerability was present in GitHub Enterprise Server (GHES) when using SAML authentication with specific identity providers utilizing publicly exposed signed federation met…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-6800
|
2024-10-1 04:14 |
2024-08-21 |
|
|
|
998
|
5.3 |
MEDIUM
Network
coffee2code
|
custom_post_limits
|
The Custom Post Limits plugin for WordPress is vulnerable to full path disclosure in all versions up to, and including, 4.4.1. This is due to the plugin utilizing bootstrap and leaving test files wit…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-6544
|
2024-10-1 04:12 |
2024-09-14 |
|
|
|
999
|
6.5 |
MEDIUM
Network
|
moxa
|
mxview_one
|
The vulnerability allows an attacker to craft MQTT messages that include relative path traversal sequences, enabling them to read arbitrary files on the system. This could lead to the disclosure of s…
|
CWE-22
Path Traversal
|
CVE-2024-6786
|
2024-10-1 03:31 |
2024-09-21 |
|
|
1000
|
4.3 |
MEDIUM
Network
|
cilium
|
cilium
|
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoute…
|
CWE-436
Interpretation Conflict
|
CVE-2024-42487
|
2024-10-1 03:31 |
2024-08-16 |
|
|