1441
|
- |
|
-
|
-
|
WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.
|
-
|
CVE-2024-37779
|
2024-09-27 23:35 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1442
|
5.4 |
MEDIUM
Network
|
happyforms
|
happyforms
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0.
|
CWE-79
Cross-site Scripting
|
CVE-2024-44063
|
2024-09-27 23:31 |
2024-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1443
|
4.8 |
MEDIUM
Network
|
expresstech
|
quiz_and_survey_master
|
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Sc…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8758
|
2024-09-27 23:29 |
2024-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1444
|
7.2 |
HIGH
Network
|
purestorage
|
purity\/\/fa
|
A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.
|
CWE-94
Code Injection
|
CVE-2024-0004
|
2024-09-27 23:24 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1445
|
7.2 |
HIGH
Network
|
purestorage
|
purity\/\/fa
|
A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.
|
NVD-CWE-noinfo
|
CVE-2024-0003
|
2024-09-27 23:23 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1446
|
7.5 |
HIGH
Network
ibm
|
db2
|
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2023-47152
|
2024-09-27 23:15 |
2024-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1447
|
8.1 |
HIGH
Network
|
ibm
|
cics_transaction_gateway
|
IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls.
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2023-47140
|
2024-09-27 23:15 |
2024-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1448
|
7.5 |
HIGH
Network
ibm
|
txseries_for_multiplatform cics_tx
|
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial …
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2023-33850
|
2024-09-27 23:15 |
2023-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1449
|
7.8 |
HIGH
Local
|
ibm
|
spectrum_protect_backup-archive_client
|
IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls.
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2023-28956
|
2024-09-27 23:15 |
2023-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1450
|
9.8 |
CRITICAL
Network
purestorage
|
purity\/\/fa
|
A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.
|
NVD-CWE-noinfo
|
CVE-2024-0002
|
2024-09-27 23:13 |
2024-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|