1531
|
9.8 |
CRITICAL
Network
apache
|
submarine
|
** UNSUPPORTED WHEN ASSIGNED ** Improper Authentication vulnerability in Apache Submarine Commons Utils.
This issue affects Apache Submarine Commons Utils: from 0.8.0.
As this project is retired, w…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-36264
|
2024-09-26 23:32 |
2024-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1532
|
7.8 |
HIGH
Local
|
luxion
|
keyshot keyshot_viewer
|
Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion Key…
|
CWE-416
Use After Free
|
CVE-2024-30375
|
2024-09-26 23:24 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1533
|
7.8 |
HIGH
Local
|
luxion
|
keyshot keyshot_viewer
|
Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxio…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-30374
|
2024-09-26 23:22 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1534
|
8.8 |
HIGH
Network
|
volkov
|
wp_accessibility_helper
|
Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH).This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.5.
|
CWE-862
Missing Authorization
|
CVE-2024-31423
|
2024-09-26 23:19 |
2024-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1535
|
9.8 |
CRITICAL
Network
oracle
|
e-business_suite
|
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vul…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2022-21587
|
2024-09-26 23:16 |
2022-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1536
|
9.8 |
CRITICAL
Network
oracle
|
access_manager
|
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily explo…
|
NVD-CWE-Other
|
CVE-2021-35587
|
2024-09-26 23:13 |
2022-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1537
|
8.8 |
HIGH
Network
|
djl
|
deep_java_library
|
A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to …
|
CWE-22
Path Traversal
|
CVE-2024-2914
|
2024-09-26 23:12 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1538
|
9.8 |
CRITICAL
Network
3rdmill
|
novi_survey
|
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.
|
CWE-94
Code Injection
|
CVE-2023-29492
|
2024-09-26 23:10 |
2023-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
1539
|
7.2 |
HIGH
Network
|
trendmicro
|
apex_one worry-free_business_security worry-free_business_security_services
|
A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an atta…
|
NVD-CWE-noinfo
|
CVE-2023-41179
|
2024-09-26 23:08 |
2023-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
1540
|
6.5 |
MEDIUM
Network
|
deno
|
deno
|
An issue in `.npmrc` support in Deno 1.44.0 was discovered where Deno would send `.npmrc` credentials for the scope to the tarball URL when the registry provided URLs for a tarball on a different dom…
|
CWE-706
Use of Incorrectly-Resolved Name or Reference
|
CVE-2024-37150
|
2024-09-26 23:04 |
2024-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|