221
|
- |
|
-
|
-
|
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation
New
|
-
|
CVE-2024-9333
|
2024-10-2 15:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
222
|
- |
|
-
|
-
|
Stored HTML Injection in Social Module in M-Files Hubshare before version 5.0.8.6 allows authenticated user to spoof UI
New
|
-
|
CVE-2024-9174
|
2024-10-2 15:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
223
|
- |
|
-
|
-
|
The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to…
New
|
-
|
CVE-2024-7315
|
2024-10-2 15:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
224
|
- |
|
-
|
-
|
PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php.
New
|
-
|
CVE-2024-44610
|
2024-10-2 15:15 |
2024-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
225
|
9.8 |
CRITICAL
Network
-
|
-
|
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates.
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2023-1083
|
2024-10-2 15:15 |
2024-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
226
|
5.3 |
MEDIUM
Local
|
wago
|
compact_controller_100_firmware edge_controller_firmware pfc100_firmware pfc200_firmware touch_panel_600_advanced_firmware touch_panel_600_marine_firmware touch_panel_600_standard_f…
|
Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privile…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2023-3379
|
2024-10-2 15:15 |
2023-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
227
|
8.8 |
HIGH
Network
|
codesys
|
development_system
|
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received…
Update
|
CWE-940
Improper Verification of Source of a Communication Channel
|
CVE-2023-3663
|
2024-10-2 15:15 |
2023-08-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
228
|
8.8 |
HIGH
Network
|
taphome
|
core_firmware
|
A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2023-2759
|
2024-10-2 15:15 |
2023-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
229
|
4.9 |
MEDIUM
Network
|
wago
|
750-331_firmware 750-8202_firmware 750-8202\/000-011_firmware 750-8202\/000-012_firmware 750-8202\/000-022_firmware 750-8202\/025-000_firmware 750-8202\/025-001_firmware 750-8202…
|
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime.
Update
|
CWE-1288
Improper Validation of Consistency within Input
|
CVE-2023-1620
|
2024-10-2 15:15 |
2023-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
230
|
4.9 |
MEDIUM
Network
|
wago
|
750-331_firmware 750-8202_firmware 750-8202\/000-011_firmware 750-8202\/000-012_firmware 750-8202\/000-022_firmware 750-8202\/025-000_firmware 750-8202\/025-001_firmware 750-8202…
|
Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet.
Update
|
-
|
CVE-2023-1619
|
2024-10-2 15:15 |
2023-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|