|
421
|
5.1 |
MEDIUM
Local
|
-
|
-
|
SolarWinds Kiwi CatTools is susceptible to a sensitive data disclosure vulnerability when a non-default setting has been enabled for troubleshooting purposes.
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-45713
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
422
|
- |
|
-
|
-
|
A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-10068
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
423
|
7.2 |
HIGH
Network
-
|
-
|
The SendPulse Free Web Push plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.3.6 due to incorrect use of the wp_kses_allowed_html function. Th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9184
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
424
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Fonto – Custom Web Fonts Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8920
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
425
|
- |
|
-
|
-
|
Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
|
CWE-79
Cross-site Scripting
|
CVE-2024-49392
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
426
|
- |
|
-
|
-
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-49391
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
427
|
- |
|
-
|
-
|
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-49390
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
428
|
- |
|
-
|
-
|
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
|
CWE-276
Incorrect Default Permissions
|
CVE-2024-49389
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
429
|
- |
|
-
|
-
|
Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24.
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2024-49386
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
430
|
- |
|
-
|
-
|
A vulnerability in the .sdd file allows an attacker to read default passwords stored in plain text within the code. By exploiting these plaintext credentials, an attacker can log into affected SICK p…
|
-
|
CVE-2024-10025
|
2024-10-18 21:52 |
2024-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
