2321
|
6.5 |
MEDIUM
Network
|
63moons
|
aero wave_2.0
|
This vulnerability exists in the Wave 2.0 due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP re…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-51557
|
2024-11-9 00:19 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2322
|
5.4 |
MEDIUM
Network
|
kraftplugins
|
mega_elements
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kraftplugins Mega Elements allows Stored XSS.This issue affects Mega Elements: from n/a th…
|
CWE-79
Cross-site Scripting
|
CVE-2024-49693
|
2024-11-9 00:19 |
2024-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2323
|
7.5 |
HIGH
Network
ruijie
|
nbr3000d-e_firmware
|
An issue in Ruijie NBR3000D-E Gateway allows a remote attacker to obtain sensitive information via the /tool/shell/postgresql.conf component.
|
NVD-CWE-noinfo
|
CVE-2024-48783
|
2024-11-9 00:19 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2324
|
4.3 |
MEDIUM
Network
|
63moons
|
aero wave_2.0
|
This vulnerability exists in the Wave 2.0 due to improper exception handling for invalid inputs at certain API endpoint. An authenticated remote attacker could exploit this vulnerability by providing…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-51560
|
2024-11-9 00:18 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2325
|
6.1 |
MEDIUM
Network
|
google_docs_rsvp_project
|
google_docs_rsvp
|
Cross-Site Request Forgery (CSRF) vulnerability in Gifford Cheung, Brian Watanabe, Chongsun Ahn Google Docs RSVP allows Stored XSS.This issue affects Google Docs RSVP: from n/a through 2.0.1.
|
CWE-352
Origin Validation Error
|
CVE-2024-49672
|
2024-11-9 00:16 |
2024-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2326
|
4.6 |
MEDIUM
Physics
|
tp-link
|
tapo_h100_firmware
|
This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the …
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-10523
|
2024-11-9 00:14 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2327
|
8.8 |
HIGH
Network
|
microsoft
|
dataverse
|
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
|
NVD-CWE-noinfo
|
CVE-2024-38139
|
2024-11-9 00:14 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
2328
|
7.5 |
HIGH
Network
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 8.5 is vulnerable to a denial of service, under certain configurations, caused by an unexpected specially crafted request. A remote attacker could exploit this vulner…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2024-45085
|
2024-11-9 00:13 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2329
|
9.8 |
CRITICAL
Network
bg-tek
|
coslat
|
Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection.This issue affects CoslatV3: through 3.1069.
…
|
CWE-94
Code Injection
|
CVE-2024-10035
|
2024-11-9 00:11 |
2024-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
2330
|
5.4 |
MEDIUM
Network
|
salesagility
|
suitecrm
|
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. The "Publish Key" field in SuiteCRM's Edit Profile page is vulnerable to Reflected Cross-Site…
|
CWE-79
Cross-site Scripting
|
CVE-2024-50335
|
2024-11-9 00:09 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|