231
|
7.5 |
HIGH
Network
rigol
|
mso5000_firmware
|
The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi a…
Update
|
NVD-CWE-noinfo
|
CVE-2023-38379
|
2024-10-31 03:35 |
2023-07-17 |
|
|
|
232
|
6.1 |
MEDIUM
Network
|
projectworlds
|
simple_web-based_chat_application
|
A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manip…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-10433
|
2024-10-31 03:31 |
2024-10-28 |
|
|
233
|
7.1 |
HIGH
Local
|
apple
|
iphone_os ipados visionos tvos
|
This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, visionOS 2.1, tvOS 18.1. Restoring a maliciously crafted ba…
New
|
CWE-59
Link Following
|
CVE-2024-44258
|
2024-10-31 03:28 |
2024-10-29 |
|
|
234
|
8.8 |
HIGH
Network
|
agnai
|
agnai
|
Agnai is an artificial-intelligence-agnostic multi-user, multi-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen …
Update
|
CWE-434 CWE-35
Unrestricted Upload of File with Dangerous Type Path Traversal: '.../...//'
|
CVE-2024-47169
|
2024-10-31 03:25 |
2024-09-27 |
|
|
235
|
6.1 |
MEDIUM
Network
|
cvat
|
computer_vision_annotation_tool
|
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing ta…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-47063
|
2024-10-31 03:24 |
2024-10-1 |
|
|
236
|
9.8 |
CRITICAL
Network
filemanagerpro
|
file_manager
|
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible …
Update
|
CWE-862
Missing Authorization
|
CVE-2018-25105
|
2024-10-31 03:23 |
2024-10-16 |
|
|
|
237
|
6.1 |
MEDIUM
Network
|
cvat
|
computer_vision_annotation_tool
|
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed UR…
Update
|
CWE-79 CWE-81
Cross-site Scripting Improper Neutralization of Script in an Error Message Web Page
|
CVE-2024-47064
|
2024-10-31 03:23 |
2024-10-1 |
|
|
238
|
9.8 |
CRITICAL
Network
codezips
|
pet_shop_management_system
|
A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /deleteanimal.php. The manipulation of the …
Update
|
CWE-89
SQL Injection
|
CVE-2024-10427
|
2024-10-31 03:21 |
2024-10-28 |
|
|
|
239
|
7.5 |
HIGH
Network
vasyltech
|
advanced_access_manager
|
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media paramet…
Update
|
CWE-22
Path Traversal
|
CVE-2019-25213
|
2024-10-31 03:20 |
2024-10-16 |
|
|
|
240
|
5.4 |
MEDIUM
Network
|
cvat
|
computer_vision_annotation_tool
|
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with a CVAT account may retrieve certain information about any project, task,…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2024-47172
|
2024-10-31 03:20 |
2024-10-1 |
|
|