241
|
- |
|
-
|
-
|
SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.
New
|
-
|
CVE-2024-44812
|
2024-10-24 00:35 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
242
|
- |
|
-
|
-
|
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
New
|
-
|
CVE-2024-10231
|
2024-10-24 00:35 |
2024-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
243
|
8.8 |
HIGH
Network
|
pluginus
|
fox_-_currency_switcher_professional_for_woocommerce
|
The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode.
Update
|
NVD-CWE-Other
|
CVE-2021-24566
|
2024-10-24 00:35 |
2024-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
244
|
9.8 |
CRITICAL
Network
teleadapt
|
roomcast_ta-2400_firmware
|
TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (witho…
Update
|
NVD-CWE-noinfo
|
CVE-2023-33745
|
2024-10-24 00:35 |
2023-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
245
|
7.8 |
HIGH
Local
|
apple
|
macos ipados iphone_os
|
The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.
Update
|
NVD-CWE-noinfo
|
CVE-2023-38410
|
2024-10-24 00:35 |
2023-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
246
|
7.5 |
HIGH
Network
gxsoftware
|
xperiencentral
|
Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed.
Update
|
CWE-20
Improper Input Validation
|
CVE-2022-43713
|
2024-10-24 00:35 |
2023-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
247
|
7.5 |
HIGH
Network
apache
|
apache-airflow-providers-apache-drill
|
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.
Update
|
CWE-20
Improper Input Validation
|
CVE-2023-28707
|
2024-10-24 00:35 |
2023-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
248
|
4.4 |
MEDIUM
Local
|
google yoctoproject linux
|
android yocto linux_kernel
|
In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed …
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2023-20677
|
2024-10-24 00:35 |
2023-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
249
|
7.8 |
HIGH
Local
|
apache
|
james
|
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a
malicious local user.
Administrators are adv…
Update
|
CWE-862
Missing Authorization
|
CVE-2023-26269
|
2024-10-24 00:35 |
2023-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
250
|
8.8 |
HIGH
Network
|
apache
|
unstructured_information_management_architecture
|
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache UIMA DUCC.
When using the "Dis…
Update
|
CWE-77
Command Injection
|
CVE-2023-28935
|
2024-10-24 00:35 |
2023-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|