1071
|
8.8 |
HIGH
Network
|
relyum
|
rely-pcie_firmware rely-rec_firmware
|
Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface.
Update
|
CWE-352
Origin Validation Error
|
CVE-2023-47578
|
2024-10-9 00:35 |
2023-12-13 |
|
|
1072
|
5.3 |
MEDIUM
Network
mediawiki
|
mediawiki
|
An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by …
Update
|
NVD-CWE-noinfo
|
CVE-2023-36674
|
2024-10-9 00:35 |
2023-08-21 |
|
|
|
1073
|
8.8 |
HIGH
Adjacent
|
elecom
|
wrc-1467ghbk-a_firmware wrc-1467ghbk-s_firmware wrc-1900ghbk-a_firmware wrc-1900ghbk-s_firmware wrc-600ghbk-a_firmware wrc-733febk2-a_firmware wrc-f1167acf2_firmware
|
Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to th…
Update
|
NVD-CWE-Other
|
CVE-2023-39445
|
2024-10-9 00:35 |
2023-08-18 |
|
|
1074
|
8.0 |
HIGH
Adjacent
|
elecom
|
lan-wh300n\/re_firmware
|
Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console.
Update
|
NVD-CWE-Other
|
CVE-2023-38576
|
2024-10-9 00:35 |
2023-08-18 |
|
|
1075
|
8.8 |
HIGH
Adjacent
|
elecom
|
lan-w451ngr_firmware
|
LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service.
Update
|
NVD-CWE-noinfo
|
CVE-2023-38132
|
2024-10-9 00:35 |
2023-08-18 |
|
|
1076
|
9.8 |
CRITICAL
Network
elecom
|
lan-w300n\/rs_firmware lan-w300n\/pr5_firmware
|
Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute ar…
Update
|
NVD-CWE-Other
|
CVE-2023-32626
|
2024-10-9 00:35 |
2023-08-18 |
|
|
|
1077
|
7.5 |
HIGH
Network
powerjob
|
powerjob
|
An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list.
Update
|
NVD-CWE-Other
|
CVE-2023-36106
|
2024-10-9 00:35 |
2023-08-18 |
|
|
|
1078
|
7.2 |
HIGH
Network
|
atlassian
|
jira data_center jira_server jira_data_center
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email …
Update
|
NVD-CWE-noinfo
|
CVE-2021-43947
|
2024-10-9 00:35 |
2022-01-6 |
|
|
1079
|
6.1 |
MEDIUM
Network
|
draytek
|
vigor2620_firmware vigor2915_firmware vigor2866_firmware vigor2766_firmware vigor2865_firmware vigor2765_firmware vigor2763_firmware vigor2135_firmware vigor166_firmware vi…
|
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-41591
|
2024-10-9 00:34 |
2024-10-4 |
|
|
1080
|
6.1 |
MEDIUM
Network
|
cozmoslabs
|
membership_\&_content_restriction_-_paid_member_subscriptions
|
The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_a…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-9222
|
2024-10-9 00:34 |
2024-10-2 |
|
|