| 2041 | - | | - | - | Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code. | CWE-502 (Deserialization of Untrusted Data) | CVE-2024-12677 | 2024-12-21 02:15 | 2024-12-21 |
| 2042 | - | | - | - | Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipu… | - | CVE-2024-55471 | 2024-12-21 01:15 | 2024-12-21 |
| 2043 | - | | - | - | Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access … | - | CVE-2024-55470 | 2024-12-21 01:15 | 2024-12-21 |
| 2044 | - | | - | - | An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the… | - | CVE-2024-55186 | 2024-12-21 01:15 | 2024-12-21 |
| 2045 | 5.0 | MEDIUM Network | - | - | A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fe… | CWE-918 (Server-Side Request Forgery (SSRF)) | CVE-2024-12840 | 2024-12-21 01:15 | 2024-12-21 |
| 2046 | - | | - | - | Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views… | - | CVE-2024-10385 | 2024-12-21 01:15 | 2024-12-21 |
| 2047 | - | | - | - | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 throu… | CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition) | CVE-2024-56337 | 2024-12-21 01:15 | 2024-12-21 |
| 2048 | - | | - | - | Path Traversal and Insecure Direct Object Reference (IDOR) vulnerabilities in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to ac… | CWE-20 (Improper Input Validation), CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2024-12014 | 2024-12-21 01:15 | 2024-12-20 |
| 2049 | - | | - | - | There exists an unauthenticated accessible JTAG port on the Kioxia PM6, PM7 and CM6 devices - On the Kioxia CM6, PM6 and PM7 disk drives it was discovered that the 2 main CPU cores of the SoC can be … | - | CVE-2024-7726 | 2024-12-21 01:15 | 2024-12-20 |
| 2050 | - | | - | - | The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core sea… | CWE-200 (Information Exposure), CWE-203 (Information Exposure Through Discrepancy) | CVE-2024-11297 | 2024-12-21 01:15 | 2024-12-20 |