231
|
5.3 |
MEDIUM
Network
grafana
|
grafana
|
Grafana is an open-source platform for monitoring and observability. The CSV datasource plugin is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing CSV data from …
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2023-5122
|
2024-10-24 00:50 |
2024-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
232
|
9.8 |
CRITICAL
Network
paxman
|
product_website_showcase
|
Unrestricted Upload of File with Dangerous Type vulnerability in Paxman Product Website Showcase allows Upload a Web Shell to a Web Server.This issue affects Product Website Showcase: from n/a throug…
Update
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-49611
|
2024-10-24 00:49 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
233
|
6.1 |
MEDIUM
Network
|
dotsquares
|
google_map_locations
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dotsquares Google Map Locations allows Reflected XSS.This issue affects Google Map Locatio…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-49606
|
2024-10-24 00:49 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
234
|
9.8 |
CRITICAL
Network
najeebmedia
|
simple_user_registration
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple User Registration allows Authentication Bypass.This issue affects Simple User Registration: from n/a thro…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-49604
|
2024-10-24 00:49 |
2024-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
235
|
7.5 |
HIGH
Network
ibm
|
jazz_for_service_management
|
IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929.
Update
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2023-46186
|
2024-10-24 00:43 |
2024-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
236
|
7.8 |
HIGH
Local
|
fortinet
|
fortios
|
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the d…
Update
|
CWE-494
Download of Code Without Integrity Check
|
CVE-2021-44168
|
2024-10-24 00:40 |
2022-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
237
|
9.8 |
CRITICAL
Network
zimbra
|
collaboration
|
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute comma…
Update
|
NVD-CWE-Other
|
CVE-2024-45519
|
2024-10-24 00:39 |
2024-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
238
|
7.8 |
HIGH
Local
|
intel
|
unite
|
Improper access control in some Intel Unite(R) Client software before version 4.2.35041 may allow an authenticated user to potentially enable escalation of privilege via local access.
Update
|
NVD-CWE-noinfo
|
CVE-2023-40161
|
2024-10-24 00:39 |
2024-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
239
|
6.4 |
MEDIUM
Local
|
intel
|
memory_and_storage_tool
|
Race condition in some Intel(R) MAS software before version 2.3 may allow a privileged user to potentially enable escalation of privilege via local access.
Update
|
CWE-362
Race Condition
|
CVE-2023-41090
|
2024-10-24 00:36 |
2024-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
240
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
driver core: Fix a potential null-ptr-deref in module_add_driver()
Inject fault while probing of-fpga-region, if kasprintf() fail…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-47688
|
2024-10-24 00:36 |
2024-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|