331
|
- |
|
-
|
-
|
Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Cam…
Update
|
-
|
CVE-2024-22371
|
2024-10-31 22:35 |
2024-02-27 |
|
|
332
|
3.3 |
LOW
Local
|
mongodb
|
mongo_crypt_v1.so mongocryptd
|
A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciph…
Update
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-8013
|
2024-10-31 22:33 |
2024-10-28 |
|
|
333
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net/sched: sch_ets: don't remove idle classes from the round-robin list
Shuang reported that the following script:
1) tc qdisc …
Update
|
NVD-CWE-noinfo
|
CVE-2021-47595
|
2024-10-31 22:27 |
2024-06-20 |
|
|
334
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mptcp: never allow the PM to close a listener subflow
Currently, when deleting an endpoint the netlink PM traverses
all the local…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2021-47594
|
2024-10-31 22:25 |
2024-06-20 |
|
|
335
|
8.8 |
HIGH
Network
|
priyabratasarkar
|
token_login
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Priyabrata Sarkar Token Login allows Authentication Bypass. This issue affects Token Login: from n/a through 1.0.3.
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-50488
|
2024-10-31 22:19 |
2024-10-28 |
|
|
336
|
- |
|
-
|
-
|
A local user with administrative access rights can enter specially crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be e…
New
|
CWE-78
OS Command
|
CVE-2024-8934
|
2024-10-31 22:15 |
2024-10-31 |
|
|
337
|
- |
|
-
|
-
|
Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/login' directory, a login panel. This vulnerability occurs due to the absence of an X-Frame-Options server-side header. An attack…
New
|
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
|
CVE-2024-10454
|
2024-10-31 22:15 |
2024-10-31 |
|
|
338
|
9.8 |
CRITICAL
Network
tareqhasan
|
meetup
|
Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation. This issue affects Meetup: from n/a through 0.1.
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-50483
|
2024-10-31 22:12 |
2024-10-28 |
|
|
|
339
|
9.8 |
CRITICAL
Network
mansurahamed
|
woocommerce_quote_calculator
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection. This issue affects Woocomme…
Update
|
CWE-89
SQL Injection
|
CVE-2024-50479
|
2024-10-31 22:02 |
2024-10-28 |
|
|
|
340
|
9.8 |
CRITICAL
Network
codezips
|
hospital_appointment_system
|
A vulnerability, which was classified as critical, was found in Codezips Hospital Appointment System 1.0. This affects an unknown part of the file /loginAction.php. The manipulation of the argument U…
Update
|
CWE-89
SQL Injection
|
CVE-2024-10449
|
2024-10-31 21:47 |
2024-10-29 |
|
|
|