1401
|
7.8 |
HIGH
Local
|
zoom
|
rooms zoom
|
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.
|
CWE-269
Improper Privilege Management
|
CVE-2023-39211
|
2024-09-28 04:15 |
2023-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1402
|
6.5 |
MEDIUM
Network
|
zoom
|
zoom
|
Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.
|
CWE-20
Improper Input Validation
|
CVE-2023-39209
|
2024-09-28 04:15 |
2023-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1403
|
6.5 |
MEDIUM
Network
|
zoom
|
zoom virtual_desktop_infrastructure rooms
|
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.
|
NVD-CWE-Other
|
CVE-2023-36535
|
2024-09-28 04:15 |
2023-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1404
|
7.1 |
HIGH
Local
|
moxa
|
mxview_one mxview_one_central_manager
|
The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused due to sensit…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-6785
|
2024-09-28 03:59 |
2024-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1405
|
8.8 |
HIGH
Network
|
phoenixcontact
|
tc_mguard_rs4000_4g_vzw_vpn_firmware tc_mguard_rs4000_4g_vpn_firmware tc_mguard_rs4000_4g_att_vpn_firmware tc_mguard_rs4000_3g_vpn_firmware tc_mguard_rs2000_4g_vzw_vpn_firmware tc_mgua…
|
An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.
|
CWE-78
OS Command
|
CVE-2024-7699
|
2024-09-28 03:59 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1406
|
7.8 |
HIGH
Local
|
logitech
|
logi_options\+
|
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuse…
|
CWE-94
Code Injection
|
CVE-2024-8258
|
2024-09-28 03:56 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1407
|
9.8 |
CRITICAL
Network
millbeck
|
proroute_h685t-w_firmware
|
There is a command injection vulnerability that may allow an attacker to inject malicious input on the device's operating system.
|
CWE-78
OS Command
|
CVE-2024-45682
|
2024-09-28 03:54 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1408
|
4.7 |
MEDIUM
Network
|
meowapps
|
ai_engine
|
The AI Engine WordPress plugin before 2.4.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when viewing ch…
|
CWE-89
SQL Injection
|
CVE-2024-6723
|
2024-09-28 03:50 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1409
|
6.8 |
MEDIUM
Network
|
cilium
|
cilium
|
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore lab…
|
CWE-362
Race Condition
|
CVE-2024-42488
|
2024-09-28 03:49 |
2024-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1410
|
6.1 |
MEDIUM
Network
|
wp-unit
|
share_this_image
|
The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link p…
|
CWE-601
Open Redirect
|
CVE-2024-8761
|
2024-09-28 03:41 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|