2691 | - | | - | - | All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is … | - | CVE-2024-21496 | 2024-11-7 04:35 | 2024-02-17
2692 | 4.9 | MEDIUM Network | - | - | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerabi… | - | CVE-2024-20966 | 2024-11-7 04:35 | 2024-02-17
2693 | - | | - | - | In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution pri… | - | CVE-2024-0030 | 2024-11-7 04:35 | 2024-02-16
2694 | 7.8 | HIGH Local | ibm | robotic_process_automation | IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges… | NVD-CWE-noinfo | CVE-2023-22593 | 2024-11-7 04:35 | 2023-06-28
2695 | 4.8 | MEDIUM Network | migaweb | accordion_title_for_elementor | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Gangolf Accordion title for Elementor allows Stored XSS. This issue affects Accordi… | CWE-79 Cross-site Scripting | CVE-2024-51685 | 2024-11-7 04:34 | 2024-11-5
2696 | 7.5 | HIGH Network | aetherproject | onos-a1t sdran-in-a-box | An issue in Open Networking Foundations sdran-in-a-box v.1.4.3 and onos-a1t v.0.2.3 allows a remote attacker to cause a denial of service via the onos-a1t component of the sdran-in-a-box, specificall… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2024-48809 | 2024-11-7 04:33 | 2024-11-5
2697 | 9.8 | CRITICAL Network | openimaj | openimaj | An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file. | CWE-611 XXE | CVE-2024-51136 | 2024-11-7 04:31 | 2024-11-5
2698 | 4.9 | MEDIUM Network | bitrix24 | bitrix24 | Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server v… | CWE-522 Insufficiently Protected Credentials | CVE-2024-34887 | 2024-11-7 04:28 | 2024-11-5
2699 | 4.9 | MEDIUM Network | bitrix24 | bitrix24 | Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request. | CWE-522 Insufficiently Protected Credentials | CVE-2024-34883 | 2024-11-7 04:28 | 2024-11-5
2700 | 4.9 | MEDIUM Network | bitrix24 | bitrix24 | Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request. | CWE-522 Insufficiently Protected Credentials | CVE-2024-34882 | 2024-11-7 04:28 | 2024-11-5