491
|
- |
|
-
|
-
|
Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient…
|
CWE-287
Improper Authentication
|
CVE-2024-49376
|
2024-10-25 22:15 |
2024-10-25 |
|
|
492
|
- |
|
-
|
-
|
This vulnerability exists in Matrix Door Controller Cosec Vega FAXQ due to improper implementation of session management at the web-based management interface. A remote attacker could exploit this vu…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-10381
|
2024-10-25 22:15 |
2024-10-25 |
|
|
493
|
- |
|
-
|
-
|
A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/ajax_p…
|
-
|
CVE-2024-10380
|
2024-10-25 22:15 |
2024-10-25 |
|
|
494
|
- |
|
-
|
-
|
A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationS…
|
CWE-24
Path Traversal: '../filedir'
|
CVE-2024-10379
|
2024-10-25 21:56 |
2024-10-25 |
|
|
495
|
- |
|
-
|
-
|
A vulnerability classified as critical has been found in ESAFENET CDG 5. Affected is the function actionViewCDGRenewFile of the file /com/esafenet/servlet/client/CDGRenewApplicationService.java. The …
|
CWE-89
SQL Injection
|
CVE-2024-10378
|
2024-10-25 21:56 |
2024-10-25 |
|
|
496
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmem_loginout shortcode in all versions up to, and including, 3.4.9.5 due to insuf…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10374
|
2024-10-25 21:56 |
2024-10-25 |
|
|
497
|
- |
|
-
|
-
|
Dell Data Lakehouse, version(s) 1.0.0.0 and 1.1.0.0, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with…
|
CWE-89
SQL Injection
|
CVE-2024-47483
|
2024-10-25 21:56 |
2024-10-25 |
|
|
498
|
- |
|
-
|
-
|
Dell Data Lakehouse, version(s) 1.0.0.0, 1.1.0., contain(s) an Improper Access Control vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerabi…
|
CWE-284
Improper Access Control
|
CVE-2024-47481
|
2024-10-25 21:56 |
2024-10-25 |
|
|
499
|
- |
|
-
|
-
|
there is a possible man-in-the-middle attack due to a logic error in the code. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is no…
|
-
|
CVE-2024-47023
|
2024-10-25 21:56 |
2024-10-25 |
|
|
500
|
- |
|
-
|
-
|
In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution pr…
|
-
|
CVE-2024-47021
|
2024-10-25 21:56 |
2024-10-25 |
|
|