1471
|
6.5 |
MEDIUM
Network
|
hashicorp
|
consul
|
Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service…
|
NVD-CWE-noinfo
|
CVE-2023-2816
|
2024-09-27 04:15 |
2023-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1472
|
4.3 |
MEDIUM
Network
|
sentry
|
sentry
|
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-45605
|
2024-09-27 04:14 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1473
|
9.8 |
CRITICAL
Network
apexsoftcell
|
ld_geo ld_dp_back_office
|
This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability b…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-47088
|
2024-09-27 04:12 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1474
|
6.5 |
MEDIUM
Network
|
apexsoftcell
|
ld_geo ld_dp_back_office
|
This vulnerability exists in the Apex Softcell LD Geo due to improper validation of the transaction token ID in the API endpoint. An authenticated remote attacker could exploit this vulnerability by …
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2024-47089
|
2024-09-27 04:09 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1475
|
5.3 |
MEDIUM
Network
circutor
|
q-smt_firmware
|
An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is presen…
|
NVD-CWE-noinfo
|
CVE-2024-8891
|
2024-09-27 03:50 |
2024-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1476
|
7.5 |
HIGH
Network
coredns.io
|
coredns
|
An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal r…
|
NVD-CWE-noinfo
|
CVE-2023-28452
|
2024-09-27 03:37 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1477
|
7.5 |
HIGH
Network
jeecg
|
jeecg_boot
|
Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection.
|
NVD-CWE-noinfo
|
CVE-2023-41578
|
2024-09-27 03:35 |
2023-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1478
|
7.5 |
HIGH
Network
golang
|
go
|
Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
|
NVD-CWE-noinfo
|
CVE-2023-39321
|
2024-09-27 03:35 |
2023-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1479
|
7.5 |
HIGH
Network
hexo
|
hexo
|
Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability.
|
NVD-CWE-noinfo
|
CVE-2023-39584
|
2024-09-27 03:35 |
2023-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1480
|
7.5 |
HIGH
Network
buffalo
|
terastation_nas_5410r_firmware
|
An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function.
|
NVD-CWE-noinfo
|
CVE-2023-39620
|
2024-09-27 03:35 |
2023-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|