|
314871
|
7.5 |
HIGH
Network
|
zzcms
|
zzcms
|
A vulnerability classified as critical has been found in ZZCMS 2023. Affected is an unknown function of the file /admin/about_edit.php?action=modify. The manipulation of the argument skin leads to pa…
|
CWE-22
Path Traversal
|
CVE-2024-7926
|
2024-09-5 03:42 |
2024-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314872
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Let probe fail when workqueue cannot be enabled
The workqueue is enabled when the appropriate driver is loaded a…
|
CWE-476
NULL Pointer Dereference
|
CVE-2022-48868
|
2024-09-5 03:38 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314873
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: sdata can be NULL during AMPDU start
ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a
deauthe…
|
CWE-476
NULL Pointer Dereference
|
CVE-2022-48875
|
2024-09-5 03:33 |
2024-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314874
|
7.5 |
HIGH
Network
|
avtecinc
|
outpost_uploader_utility
outpost_0810_firmware
|
Avtec Outpost stores sensitive information in an insecure location without proper access controls in place.
|
CWE-219
Storage of File with Sensitive Data Under Web Root
|
CVE-2024-39776
|
2024-09-5 03:25 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314875
|
7.5 |
HIGH
Network
|
avtecinc
|
outpost_uploader_utility
outpost_0810_firmware
|
Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information.
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2024-42418
|
2024-09-5 03:22 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314876
|
9.8 |
CRITICAL
Network
|
angeljudesuarez
|
e-commerce_website
|
A vulnerability has been found in itsourcecode E-Commerce Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file search_list.php. The manipulat…
|
CWE-89
SQL Injection
|
CVE-2024-8139
|
2024-09-5 03:02 |
2024-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314877
|
8.1 |
HIGH
Network
|
progress
|
ws_ftp_server
|
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in wit…
|
CWE-287
Improper Authentication
|
CVE-2024-7745
|
2024-09-5 02:57 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314878
|
6.5 |
MEDIUM
Network
|
progress
|
ws_ftp_server
|
In WS_FTP Server versions before 8.8.8 (2022.0.8), an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Web Transfer Module allows File Discovery, Pr…
|
CWE-22
Path Traversal
|
CVE-2024-7744
|
2024-09-5 02:57 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314879
|
5.4 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly restrict channel creation which allows a malicious remote to create arbitrary channels, when shared channels were enabled.
|
NVD-CWE-noinfo
|
CVE-2024-39837
|
2024-09-5 02:38 |
2024-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314880
|
8.8 |
HIGH
Network
|
easytest_online_test_platform_project
|
easytest_online_test_platform
|
SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter.
|
CWE-89
SQL Injection
|
CVE-2024-7871
|
2024-09-5 02:34 |
2024-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
