|
315071
|
- |
|
-
|
-
|
A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handl…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-8462
|
2024-09-6 02:45 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315072
|
- |
|
-
|
-
|
SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page.
|
-
|
CVE-2024-42885
|
2024-09-6 02:44 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315073
|
- |
|
-
|
-
|
itsourcecode Alton Management System 1.0 is vulnerable to SQL Injection in /noncombo_save.php via the "menu" parameter.
|
-
|
CVE-2024-44587
|
2024-09-6 02:44 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315074
|
9.8 |
CRITICAL
Network
|
multivendorx
|
multivendorx
|
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capab…
|
CWE-862
Missing Authorization
|
CVE-2024-8289
|
2024-09-6 02:41 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315075
|
6.1 |
MEDIUM
Network
|
raspcontrol_project
|
raspcontrol
|
Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected product codebase https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/r…
|
CWE-79
Cross-site Scripting
|
CVE-2024-8413
|
2024-09-6 02:40 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315076
|
6.8 |
MEDIUM
Adjacent
|
wayos
|
fbm-291w_firmware
|
WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm.
|
CWE-77
Command Injection
|
CVE-2024-44383
|
2024-09-6 02:38 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315077
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix for possible memory corruption
Init Control Block is dereferenced incorrectly. Correctly dereference ICB
|
CWE-787
Out-of-bounds Write
|
CVE-2024-42288
|
2024-09-6 02:38 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315078
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: During vport delete send async logout explicitly
During vport delete, it is observed that during unload we hit a c…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-42289
|
2024-09-6 02:37 |
2024-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315079
|
8.8 |
HIGH
Network
|
fogproject
|
fogproject
|
FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebr…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-40645
|
2024-09-6 02:09 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
315080
|
5.9 |
MEDIUM
Network
|
fogproject
|
fogproject
|
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the c…
|
CWE-862
Missing Authorization
|
CVE-2024-41108
|
2024-09-6 01:27 |
2024-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
