|
1111
|
- |
|
-
|
-
|
zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Pa…
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2024-4311
|
2024-11-19 01:35 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1112
|
- |
|
-
|
-
|
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. This is…
Update
|
CWE-200
Information Exposure
|
CVE-2024-3502
|
2024-11-19 01:35 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1113
|
- |
|
-
|
-
|
In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/us…
Update
|
CWE-200
Information Exposure
|
CVE-2024-3501
|
2024-11-19 01:35 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1114
|
- |
|
-
|
-
|
In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifical…
Update
|
-
|
CVE-2024-3379
|
2024-11-19 01:35 |
2024-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1115
|
4.8 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the inte…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-45087
|
2024-11-19 01:34 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1116
|
5.4 |
MEDIUM
Network
|
ibm
|
maximo_asset_management
|
IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the inte…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2024-45088
|
2024-11-19 01:33 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1117
|
7.8 |
HIGH
Local
|
ivanti
|
endpoint_manager
|
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction …
Update
|
CWE-89
SQL Injection
|
CVE-2024-50323
|
2024-11-19 01:32 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1118
|
7.8 |
HIGH
Local
|
ivanti
|
endpoint_manager
|
Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction…
Update
|
CWE-22
Path Traversal
|
CVE-2024-50322
|
2024-11-19 01:30 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1119
|
- |
|
-
|
-
|
sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execut…
Update
|
-
|
CVE-2024-48073
|
2024-11-19 00:35 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1120
|
- |
|
-
|
-
|
wac commit 385e1 was discovered to contain a heap overflow.
Update
|
-
|
CVE-2024-35420
|
2024-11-19 00:35 |
2024-11-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
