2571
|
9.8 |
CRITICAL
Network
thinkphp
|
thinkphp
|
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-44902
|
2024-09-20 23:55 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2572
|
9.1 |
CRITICAL
Network
baxter
|
connex_health_portal
|
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex po…
|
NVD-CWE-noinfo
|
CVE-2024-6796
|
2024-09-20 23:53 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2573
|
9.8 |
CRITICAL
Network
baxter
|
connex_health_portal
|
In Connex health portal released before8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database.…
|
CWE-89
SQL Injection
|
CVE-2024-6795
|
2024-09-20 23:53 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2574
|
9.8 |
CRITICAL
Network
sfs
|
winsure
|
Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2.
|
CWE-94
Code Injection
|
CVE-2024-7104
|
2024-09-20 23:44 |
2024-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2575
|
- |
|
-
|
-
|
runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive the video and audi…
|
-
|
CVE-2024-46959
|
2024-09-20 23:35 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2576
|
- |
|
-
|
-
|
An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38…
|
-
|
CVE-2024-45523
|
2024-09-20 23:35 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2577
|
- |
|
-
|
-
|
Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card.
|
-
|
CVE-2023-41612
|
2024-09-20 23:35 |
2024-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2578
|
6.5 |
MEDIUM
Network
|
syscomgo
|
omflow
|
OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of ot…
|
NVD-CWE-noinfo
|
CVE-2024-8780
|
2024-09-20 23:35 |
2024-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2579
|
7.8 |
HIGH
Local
|
konghq
|
insomnia
|
Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.
|
NVD-CWE-noinfo
|
CVE-2023-40299
|
2024-09-20 23:35 |
2023-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2580
|
8.8 |
HIGH
Adjacent
|
furunosystems
|
acera_1310_firmware acera_1320_firmware
|
Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the a…
|
CWE-287
Improper Authentication
|
CVE-2023-42771
|
2024-09-20 23:35 |
2023-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|