301
|
7.2 |
HIGH
Network
|
paloaltonetworks
|
pan-os
|
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.
Update
|
CWE-78
OS Command
|
CVE-2024-8686
|
2024-10-3 10:35 |
2024-09-12 |
|
302
|
4.4 |
MEDIUM
Local
|
paloaltonetworks
|
cortex_xdr_agent
|
A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leverag…
Update
|
NVD-CWE-Other
|
CVE-2024-8690
|
2024-10-3 10:29 |
2024-09-12 |
|
303
|
8.8 |
HIGH
Network
|
woodpecker-ci
|
woodpecker
|
Woodpecker is a simple yet powerful CI/CD engine with great extensibility. The server allow to create any user who can trigger a pipeline run malicious workflows: 1. Those workflows can either lead t…
Update
|
NVD-CWE-noinfo
|
CVE-2024-41122
|
2024-10-3 10:23 |
2024-07-20 |
|
304
|
6.5 |
MEDIUM
Local
|
-
|
-
|
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may …
New
|
CWE-457
Use of Uninitialized Variable
|
CVE-2024-9355
|
2024-10-3 10:15 |
2024-10-2 |
|
305
|
9.6 |
CRITICAL
Network
|
vnote_project
|
vnote
|
VNote is a note-taking platform. A Cross-Site Scripting (XSS) vulnerability has been identified in the Markdown rendering functionality of versions 3.18.1 and prior of the VNote note-taking applicati…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-41662
|
2024-10-3 10:12 |
2024-07-25 |
|
306
|
7.8 |
HIGH
Local
|
telerik
|
ui_for_wpf
|
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-8316
|
2024-10-3 10:01 |
2024-09-25 |
|
307
|
- |
|
-
|
-
|
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Update
|
-
|
CVE-2024-29824
|
2024-10-3 10:00 |
2024-06-1 |
|
308
|
5.5 |
MEDIUM
Local
|
papercut
|
papercut_ng papercut_mf
|
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incor…
Update
|
CWE-77
Command Injection
|
CVE-2024-8405
|
2024-10-3 09:51 |
2024-09-26 |
|
309
|
7.5 |
HIGH
Network
|
nationalkeep
|
cybermath
|
Files or Directories Accessible to External Parties vulnerability in National Keep Cyber Security Services CyberMath allows Collect Data from Common Resource Locations. This issue affects CyberMath: b…
Update
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2024-7107
|
2024-10-3 09:39 |
2024-09-26 |
|
310
|
6.1 |
MEDIUM
Network
|
planex
|
cs-qr10_firmware cs-qr20_firmware cs-qr22_firmware cs-qr220_firmware cs-qr300_firmware
|
Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-45836
|
2024-10-3 09:35 |
2024-09-26 |
|