1251
|
- |
|
-
|
-
|
Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART (**Attestation Results Token**) token, generated by AS, could be manipulated by MITM …
|
CWE-287
Improper Authentication
|
CVE-2024-51997
|
2024-11-12 22:56 |
2024-11-9 |
|
|
1252
|
- |
|
-
|
-
|
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id para…
|
-
|
CVE-2024-51211
|
2024-11-12 22:56 |
2024-11-9 |
|
|
1253
|
- |
|
-
|
-
|
hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \apps\tool\apis\bd_push.py does not securely filter user input through push_u…
|
-
|
CVE-2024-50811
|
2024-11-12 22:56 |
2024-11-9 |
|
|
1254
|
- |
|
-
|
-
|
hopetree izone lts c011b48 contains a Cross Site Scripting (XSS) vulnerability in the article comment function. In \apps\comment\views.py, AddCommintView() does not securely filter user input and ren…
|
-
|
CVE-2024-50810
|
2024-11-12 22:56 |
2024-11-9 |
|
|
1255
|
5.3 |
MEDIUM
Network
-
|
-
|
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12…
|
CWE-362
Race Condition
|
CVE-2024-50313
|
2024-11-12 22:55 |
2024-11-12 |
|
|
|
1256
|
6.8 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks…
|
CWE-79
Cross-site Scripting
|
CVE-2024-36140
|
2024-11-12 22:55 |
2024-11-12 |
|
|
1257
|
7.8 |
HIGH
Local
|
-
|
-
|
A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3). The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to esca…
|
-
|
CVE-2024-29119
|
2024-11-12 22:55 |
2024-11-12 |
|
|
1258
|
7.3 |
HIGH
Local
|
-
|
-
|
A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2023-32736
|
2024-11-12 22:55 |
2024-11-12 |
|
|
1259
|
9.8 |
CRITICAL
Network
-
|
-
|
The Relais 2FA plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0. This is due to incorrect authentication and capability checking in the 'rl_do_ajax' f…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2024-10245
|
2024-11-12 22:55 |
2024-11-12 |
|
|
|
1260
|
- |
|
-
|
-
|
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.18 due to insufficient input san…
|
CWE-79
Cross-site Scripting
|
CVE-2024-10323
|
2024-11-12 22:55 |
2024-11-12 |
|
|