| # | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 1061 | 9.8 | CRITICAL | Network | deltaww | diaenergie | Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script AM_RegReport.aspx. An unauthenticated attacker may be able to exploit this issue to obtain records contained in the target… | CWE-89 SQL Injection | CVE-2024-43699 | 2024-10-9 00:44 | 2024-10-4 |
| 1062 | 8.8 | HIGH | Network | deltaww | diaenergie | Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product. | CWE-89 SQL Injection | CVE-2024-42417 | 2024-10-9 00:43 | 2024-10-4 |
| 1063 | 9.8 | CRITICAL | Network | draytek | vigor3912_firmware vigor2962_firmware vigor3910_firmware vigor165_firmware vigor1000b_firmware vigor166_firmware vigor2135_firmware vigor2763_firmware vigor2765_firmware vi… | DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of… | CWE-787 Out-of-bounds Write | CVE-2024-41593 | 2024-10-9 00:35 | 2024-10-4 |
| 1064 | 5.3 | MEDIUM | Network | lockss | classic_lockss_daemon | lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick. | CWE-116 Improper Encoding or Escaping of Output | CVE-2023-42183 | 2024-10-9 00:35 | 2023-12-15 |
| 1065 | 8.8 | HIGH | Network | google fedoraproject microsoft | chrome fedora edge_chromium | Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CWE-843 Type Confusion | CVE-2023-6702 | 2024-10-9 00:35 | 2023-12-15 |
| 1066 | 8.8 | HIGH | Network | pluck-cms | pluck | An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2023-50564 | 2024-10-9 00:35 | 2023-12-15 |
| 1067 | 9.8 | CRITICAL | Network | joomcode | jcdashboard | Unauthenticated LFI/SSRF in JCDashboards component for Joomla. | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2023-40630 | 2024-10-9 00:35 | 2023-12-14 |
| 1068 | 9.8 | CRITICAL | Network | sammycage | plutosvg | PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory. | CWE-190 Integer Overflow or Wraparound | CVE-2023-44709 | 2024-10-9 00:35 | 2023-12-14 |
| 1069 | 9.8 | CRITICAL | Network | common-services | soliberte | SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters. | CWE-89 SQL Injection | CVE-2023-40921 | 2024-10-9 00:35 | 2023-12-14 |
| 1070 | 8.8 | HIGH | Network | jenkins | nexus_platform | A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response a… | CWE-352 Origin Validation Error | CVE-2023-50766 | 2024-10-9 00:35 | 2023-12-14 |