|
1431
|
8.8 |
HIGH
Network
|
level1
|
wbr-6012_firmware
|
A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An at…
|
CWE-352
Origin Validation Error
|
CVE-2024-24777
|
2024-11-9 04:00 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1432
|
- |
|
-
|
-
|
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin.
|
-
|
CVE-2024-50966
|
2024-11-9 03:35 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1433
|
- |
|
-
|
-
|
Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables wer…
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2024-50378
|
2024-11-9 03:35 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1434
|
8.1 |
HIGH
Network
|
level1
|
wbr-6012_firmware
|
The LevelOne WBR-6012 router with firmware R0.40e6 has an authentication bypass vulnerability in its web application due to reliance on client IP addresses for authentication. Attackers could spoof a…
|
CWE-291
Reliance on IP Address for Authentication
|
CVE-2024-23309
|
2024-11-9 03:27 |
2024-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1435
|
- |
|
-
|
-
|
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a com…
|
-
|
CVE-2024-35314
|
2024-11-9 03:15 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1436
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the MX Series platforms with Trio-based FPCs allows an una…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2024-47493
|
2024-11-9 03:15 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1437
|
5.8 |
MEDIUM
Network
hashicorp
|
consul
|
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2024-10006
|
2024-11-9 03:10 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1438
|
5.8 |
MEDIUM
Network
hashicorp
|
consul
|
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.
|
CWE-22
Path Traversal
|
CVE-2024-10005
|
2024-11-9 03:10 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1439
|
7.5 |
HIGH
Adjacent
|
hp
|
poly_tc8_firmware
poly_tc10_firmware
poly_studio_g7500_firmware
poly_studio_x30_firmware
poly_studio_x50_firmware
poly_studio_x70_firmware
poly_studio_x52_firmware
poly_studio_g6…
|
A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a …
|
CWE-77
Command Injection
|
CVE-2024-9579
|
2024-11-9 03:08 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1440
|
7.8 |
HIGH
Local
|
adobe
|
substance_3d_painter
|
Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-49522
|
2024-11-9 03:06 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
