|
1031
|
7.5 |
HIGH
Network
octavolabs
|
vernemq
|
A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption.
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-44459
|
2024-10-31 05:35 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1032
|
- |
|
-
|
-
|
A cross-site scripting (XSS) vulnerability in the component /email/welcome.php of Mini Inventory and Sales Management System commit 18aa3d allows attackers to execute arbitrary web scripts or HTML vi…
Update
|
-
|
CVE-2024-42550
|
2024-10-31 05:35 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1033
|
6.8 |
MEDIUM
Physics
|
gncchome
|
gncc_c2_firmware
|
Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port.
New
|
CWE-287
Improper Authentication
|
CVE-2024-31800
|
2024-10-31 05:35 |
2024-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1034
|
5.5 |
MEDIUM
Local
|
isellerpal
|
enterprise_resource_management_system
|
An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. Aspx component
Update
|
NVD-CWE-noinfo
|
CVE-2024-42677
|
2024-10-31 05:35 |
2024-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1035
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTM…
Update
|
NVD-CWE-noinfo
|
CVE-2024-6999
|
2024-10-31 05:35 |
2024-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1036
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
|
A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions.
*This issue only affects Android versions of Firefox.* Thi…
Update
|
NVD-CWE-Other
|
CVE-2024-7523
|
2024-10-31 05:35 |
2024-08-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1037
|
6.5 |
MEDIUM
Network
|
haxx
|
libcurl
|
libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an
ASN.1 Generalized Time field. If given an syntactically incorrect field, the
parser might end up using -1 for the length…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2024-7264
|
2024-10-31 05:35 |
2024-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1038
|
5.4 |
MEDIUM
Network
|
oretnom23
|
lost_and_found_information_system
|
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-37856
|
2024-10-31 05:35 |
2024-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1039
|
7.5 |
HIGH
Network
samsung
|
exynos_850_firmware
exynos_1080_firmware
exynos_2100_firmware
exynos_2200_firmware
exynos_1280_firmware
exynos_1380_firmware
exynos_1330_firmware
exynos_w930_firmware
|
A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check …
Update
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2024-27360
|
2024-10-31 05:35 |
2024-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
1040
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
thunderbird
|
Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox …
Update
|
NVD-CWE-noinfo
|
CVE-2024-6610
|
2024-10-31 05:35 |
2024-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
