|
151
|
7.5 |
HIGH
Network
|
-
|
-
|
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue m…
Update
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2024-40681
|
2024-11-1 02:15 |
2024-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
5.5 |
MEDIUM
Local
|
ibm
|
mq_operator
|
IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault.
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-40680
|
2024-11-1 02:15 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
5.4 |
MEDIUM
Network
|
tychesoftwares
|
arconix_shortcodes
|
The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input saniti…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-10226
|
2024-11-1 01:48 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
8.8 |
HIGH
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.
Update
|
NVD-CWE-noinfo
|
CVE-2022-30357
|
2024-11-1 01:43 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
8.8 |
HIGH
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required.
Update
|
CWE-863
Incorrect Authorization
|
CVE-2022-30358
|
2024-11-1 01:41 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
5.4 |
MEDIUM
Network
|
fastlinemedia
|
beaver_builder
|
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insuf…
New
|
CWE-79
Cross-site Scripting
|
CVE-2024-9505
|
2024-11-1 01:39 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
6.4 |
MEDIUM
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS (AKA Persistent or Type II) vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentic…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2022-30360
|
2024-11-1 01:38 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
4.3 |
MEDIUM
Network
|
ovaledge
|
ovaledge
|
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with th…
Update
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2022-30359
|
2024-11-1 01:37 |
2024-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
- |
|
-
|
-
|
Insecure Permissions vulnerability in Ethereum v.1.12.2 allows a remote attacker to escalate privileges via the WaterToken Contract.
New
|
-
|
CVE-2024-51425
|
2024-11-1 01:35 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
- |
|
-
|
-
|
An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the Owned.setOwner function
New
|
-
|
CVE-2024-51424
|
2024-11-1 01:35 |
2024-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
