61
|
5.4 |
MEDIUM
Network
|
dotcamp
|
ultimate_blocks
|
The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embedded, which could allow use…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-8536
|
2024-10-4 03:16 |
2024-09-30 |
62
|
- |
|
-
|
-
|
Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, where unexpectedly i…
New
|
CWE-440
Expected Behavior Violation
|
CVE-2024-47762
|
2024-10-4 03:15 |
2024-10-4 |
63
|
- |
|
-
|
-
|
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTT…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-41988
|
2024-10-4 03:15 |
2024-10-4 |
64
|
- |
|
-
|
-
|
The TEM Opera Plus FM Family Transmitter application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exp…
New
|
CWE-352
Origin Validation Error
|
CVE-2024-41987
|
2024-10-4 03:15 |
2024-10-4 |
65
|
- |
|
-
|
-
|
In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header.
New
|
-
|
CVE-2024-34535
|
2024-10-4 03:15 |
2024-10-4 |
66
|
- |
|
-
|
-
|
Eufy HomeBase 2 model T8010X v3.2.8.3h was discovered to use the deprecated wireless protocol WPA2-PSK.
New
|
-
|
CVE-2023-37822
|
2024-10-4 03:15 |
2024-10-4 |
67
|
4.6 |
MEDIUM
Network
|
liferay
|
digital_experience_platform liferay_portal
|
Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions…
Update
|
CWE-384
Session Fixation
|
CVE-2023-47798
|
2024-10-4 03:13 |
2024-02-8 |
68
|
7.5 |
HIGH
Adjacent
|
alpsalpine
|
ilx-f509_firmware
|
Alpine Halo9 DecodeUTF7 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Al…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2024-23935
|
2024-10-4 03:07 |
2024-09-28 |
69
|
8.8 |
HIGH
Adjacent
|
alpsalpine
|
ilx-f509_firmware
|
Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine…
Update
|
CWE-416
Use After Free
|
CVE-2024-23923
|
2024-10-4 03:07 |
2024-09-28 |
70
|
6.8 |
MEDIUM
Physical
|
alpsalpine
|
ilx-f509_firmware
|
Alpine Halo9 UPDM_wemCmdUpdFSpeDecomp Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations…
Update
|
CWE-78
OS Command
|
CVE-2024-23961
|
2024-10-4 03:06 |
2024-09-28 |