691
|
2.3 |
LOW
Local
|
apple
|
macos iphone_os ipados
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15, iOS 18 and iPadOS 18. A malicious app with root privileges may be able to access keyboard inpu…
New
|
NVD-CWE-noinfo
|
CVE-2024-44123
|
2024-10-30 02:37 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
692
|
- |
|
-
|
-
|
Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to SQL Injection in the `transaction_delete_group` function. The vulnerability is due to improper sanitization of user input in the …
Update
|
-
|
CVE-2024-41618
|
2024-10-30 02:35 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
693
|
- |
|
-
|
-
|
Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control. The `redirect_if_not_loggedin` function in `functions_security.php` fails to terminate script execution…
Update
|
-
|
CVE-2024-41617
|
2024-10-30 02:35 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
694
|
9.8 |
CRITICAL
Network
apache netapp
|
http_server clustered_data_ontap
|
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious o…
Update
|
NVD-CWE-noinfo
|
CVE-2024-38476
|
2024-10-30 02:35 |
2024-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
695
|
- |
|
-
|
-
|
The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attack…
Update
|
-
|
CVE-2024-2402
|
2024-10-30 02:35 |
2024-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
696
|
4.4 |
MEDIUM
Local
|
devolutions
|
remote_desktop_manager
|
Inadequate validation of permissions when employing remote tools and
macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and
earlier permits a user to initiate…
Update
|
NVD-CWE-noinfo
|
CVE-2023-7047
|
2024-10-30 02:35 |
2023-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
697
|
6.5 |
MEDIUM
Network
|
apple
|
macos watchos safari iphone_os ipados
|
A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Ma…
New
|
NVD-CWE-noinfo
|
CVE-2024-44155
|
2024-10-30 02:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
698
|
5.5 |
MEDIUM
Local
|
apple
|
watchos tvos iphone_os ipados macos
|
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 and …
New
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-44144
|
2024-10-30 02:34 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
699
|
5.4 |
MEDIUM
Network
|
jetbrains
|
youtrack
|
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via Angular template injection in Hub settings
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-50577
|
2024-10-30 02:18 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
700
|
5.4 |
MEDIUM
Network
|
jetbrains
|
youtrack
|
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible via vendor URL in App manifest
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-50576
|
2024-10-30 02:18 |
2024-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|