|
313171
|
7.8 |
HIGH
Local
|
deltaww
|
cncsoft-g2
|
Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute …
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-47966
|
2024-10-17 23:36 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313172
|
7.8 |
HIGH
Local
|
deltaww
|
cncsoft-g2
|
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page …
|
CWE-125
Out-of-bounds Read
|
CVE-2024-47965
|
2024-10-17 23:36 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313173
|
6.1 |
MEDIUM
Network
|
rems
|
profile_registration_without_reload\/refresh
|
A vulnerability has been found in SourceCodester Profile Registration without Reload Refresh 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9799
|
2024-10-17 23:32 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313174
|
4.3 |
MEDIUM
Adjacent
|
dell
|
emc_appsync
|
Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to in…
|
CWE-611
XXE
|
CVE-2024-39586
|
2024-10-17 23:30 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313175
|
7.2 |
HIGH
Network
|
lylme
|
lylme_spage
|
A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql inject…
|
CWE-89
SQL Injection
|
CVE-2024-9790
|
2024-10-17 23:26 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313176
|
7.2 |
HIGH
Network
|
lylme
|
lylme_spage
|
A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql in…
|
CWE-89
SQL Injection
|
CVE-2024-9789
|
2024-10-17 23:26 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313177
|
7.2 |
HIGH
Network
|
lylme
|
lylme_spage
|
A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipulation of the argument id leads to sql in…
|
CWE-89
SQL Injection
|
CVE-2024-9788
|
2024-10-17 23:26 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313178
|
5.4 |
MEDIUM
Network
|
openwebui
|
open_webui
|
In version v0.3.8 of open-webui/open-webui, a vulnerability exists where a token is returned when a user with a pending role logs in. This allows the user to perform actions without admin confirmatio…
|
NVD-CWE-Other
|
CVE-2024-7049
|
2024-10-17 23:22 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313179
|
5.5 |
MEDIUM
Local
|
wireshark
|
wireshark
|
ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file
|
CWE-909
Missing Initialization of Resource
|
CVE-2024-9780
|
2024-10-17 23:18 |
2024-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313180
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fou: fix initialization of grc
The grc must be initialize first. There can be a condition where if
fou is NULL, goto out will be …
|
CWE-908
Use of Uninitialized Resource
|
CVE-2024-46865
|
2024-10-17 23:15 |
2024-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
