|
313991
|
8.8 |
HIGH
Network
|
progress
|
telerik_reporting
|
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.
|
CWE-521
Weak Password Requirements
|
CVE-2024-7293
|
2024-10-15 23:51 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313992
|
8.8 |
HIGH
Network
|
progress
|
telerik_report_server
|
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-7292
|
2024-10-15 23:50 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313993
|
7.5 |
HIGH
Network
|
templateinvaders
|
ti_woocommerce_wishlist
|
The TI WooCommerce Wishlist WordPress plugin through 2.8.2 is vulnerable to SQL Injection due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin…
|
CWE-89
SQL Injection
|
CVE-2024-9156
|
2024-10-15 23:40 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313994
|
5.4 |
MEDIUM
Network
|
essamamdani
|
advanced_blocks_pro
|
The Advanced Blocks Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and o…
|
CWE-79
Cross-site Scripting
|
CVE-2024-9074
|
2024-10-15 23:37 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313995
|
6.1 |
MEDIUM
Network
|
esri
|
portal_for_arcgis
|
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1, 10.9.1 and 10.8.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could …
|
CWE-79
Cross-site Scripting
|
CVE-2024-25691
|
2024-10-15 23:35 |
2024-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313996
|
4.4 |
MEDIUM
Local
|
google
|
android
|
there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploi…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2024-44096
|
2024-10-15 23:35 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313997
|
7.8 |
HIGH
Local
|
google
|
android
|
In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileg…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-44095
|
2024-10-15 23:35 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313998
|
9.8 |
CRITICAL
Network
|
tenda
|
ch22_firmware
|
Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.
|
CWE-787
Out-of-bounds Write
|
CVE-2024-46045
|
2024-10-15 23:35 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313999
|
7.8 |
HIGH
Local
|
philiphazel
|
xfpt
|
xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is trick…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-43700
|
2024-10-15 23:35 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314000
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-8198
|
2024-10-15 23:35 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
