241
|
7.5 |
HIGH
Network
oretnom23
|
online_eyewear_shop
|
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_category.php. The ma…
Update
|
CWE-89
SQL Injection
|
CVE-2024-9081
|
2024-09-28 01:17 |
2024-09-22 |
|
|
|
242
|
- |
|
-
|
-
|
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inp…
New
|
CWE-94
Code Injection
|
CVE-2024-6983
|
2024-09-28 01:15 |
2024-09-28 |
|
|
243
|
- |
|
-
|
-
|
authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user agai…
New
|
CWE-863
Incorrect Authorization
|
CVE-2024-47077
|
2024-09-28 01:15 |
2024-09-28 |
|
|
244
|
- |
|
-
|
-
|
authentik is an open-source identity provider. A vulnerability that exists in versions prior to 2024.8.3 and 2024.6.5 allows bypassing password login by adding X-Forwarded-For header with an unparsab…
New
|
CWE-287
Improper Authentication
|
CVE-2024-47070
|
2024-09-28 01:15 |
2024-09-28 |
|
|
245
|
- |
|
-
|
-
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS. This issue affects SKT Addons for El…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-38674
|
2024-09-28 01:15 |
2024-07-20 |
|
|
246
|
- |
|
-
|
-
|
Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis si…
Update
|
-
|
CVE-2023-51392
|
2024-09-28 01:15 |
2024-02-24 |
|
|
247
|
- |
|
-
|
-
|
Malformed S2 Nonce Get Command Class packets can be sent to crash PC Controller v5.54.0 and earlier.
Update
|
-
|
CVE-2023-6640
|
2024-09-28 01:15 |
2024-02-22 |
|
|
248
|
- |
|
-
|
-
|
Malformed Device Reset Locally Command Class packets can be sent to the controller, causing the controller to assume the end device has left the network. After this, frames sent by the end device wil…
Update
|
-
|
CVE-2023-6533
|
2024-09-28 01:15 |
2024-02-22 |
|
|
249
|
6.8 |
MEDIUM
Physical
|
silabs
|
gecko_software_development_kit
|
Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.
Update
|
CWE-909
Missing Initialization of Resource
|
CVE-2023-5138
|
2024-09-28 01:15 |
2024-01-04 |
|
|
250
|
6.5 |
MEDIUM
Adjacent
|
silabs
|
z-wave_software_development_kit
|
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by d…
Update
|
NVD-CWE-noinfo
|
CVE-2023-5310
|
2024-09-28 01:15 |
2023-12-16 |
|
|