21 | 9.8 | CRITICAL Network | agpt | autogpt | AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command… | Update | CWE-78 OS Command | CVE-2024-1881 | 2024-10-9 06:38 | 2024-06-7
22 | 8.8 | HIGH Network | apache | nifi | The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver tha… | Update | CWE-94 Code Injection | CVE-2023-34468 | 2024-10-9 06:35 | 2023-06-13
23 | 8.2 | HIGH Network | ibm | doors_next | IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulner… | Update | CWE-611 XXE | CVE-2023-45192 | 2024-10-9 06:18 | 2024-06-7
24 | 5.3 | MEDIUM Network | cisco | meraki_mx65_firmware meraki_mx64_firmware meraki_z4c_firmware meraki_z4_firmware meraki_z3c_firmware meraki_z3_firmware meraki_vmx_firmware meraki_mx600_firmware meraki_mx450_… | A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for… | Update | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-20513 | 2024-10-9 06:16 | 2024-10-3
25 | 8.8 | HIGH Network | wpdeveloper | essential_blocks | Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg. This issue affects Essential Blocks for Gutenberg: from n/a through 4.4.9. | Update | CWE-862 Missing Authorization | CVE-2024-30467 | 2024-10-9 06:09 | 2024-06-9
26 | 8.8 | HIGH Network | onthegosystems | woocommerce_multilingual_\&_multicurrency | Missing Authorization vulnerability in OnTheGoSystems WooCommerce Multilingual & Multicurrency. This issue affects WooCommerce Multilingual & Multicurrency: from n/a through 5.3.4. | Update | CWE-862 Missing Authorization | CVE-2024-30466 | 2024-10-9 06:04 | 2024-06-9
27 | 7.5 | HIGH Network | cisco | ios_xe | A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) co… | Update | CWE-476 NULL Pointer Dereference | CVE-2024-20436 | 2024-10-9 06:00 | 2024-09-26
28 | 8.8 | HIGH Network | jch_optimize_project | jch_optimize | Broken Access Control vulnerability in Samuel Marshall JCH Optimize. This issue affects JCH Optimize: from n/a through 4.0.0. | Update | NVD-CWE-noinfo | CVE-2024-30481 | 2024-10-9 05:49 | 2024-06-9
29 | 8.8 | HIGH Network | yithemes | woocommerce_account_funds | Missing Authorization vulnerability in YITH YITH WooCommerce Account Funds Premium. This issue affects YITH WooCommerce Account Funds Premium: from n/a through 1.33.0. | Update | CWE-862 Missing Authorization | CVE-2024-30470 | 2024-10-9 05:43 | 2024-06-9
30 | - | | - | - | Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS). | New | - | CVE-2024-46539 | 2024-10-9 05:35 | 2024-10-9