|
312031
|
6.7 |
MEDIUM
Local
|
fortinet
|
forticlient
|
An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2024-40592
|
2024-11-15 05:37 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312032
|
8.8 |
HIGH
Local
|
fortinet
|
forticlient
|
A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate thei…
|
CWE-270
Privilege Context Switching Error
|
CVE-2024-36513
|
2024-11-15 05:35 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312033
|
6.1 |
MEDIUM
Network
|
ibm
|
cics_tx
|
IBM CICS TX Standard is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41745
|
2024-11-15 05:35 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312034
|
- |
|
-
|
-
|
An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber paramete…
|
-
|
CVE-2024-46635
|
2024-11-15 05:35 |
2024-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312035
|
4.4 |
MEDIUM
Local
|
fortinet
|
fortiweb
|
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and …
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2024-36509
|
2024-11-15 05:33 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312036
|
7.8 |
HIGH
Local
|
fortinet
|
forticlient
|
A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and socia…
|
CWE-426
Untrusted Search Path
|
CVE-2024-36507
|
2024-11-15 05:31 |
2024-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312037
|
8.1 |
HIGH
Network
|
ampache
|
ampache
|
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controlle…
|
CWE-352
Origin Validation Error
|
CVE-2024-51484
|
2024-11-15 05:14 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312038
|
5.4 |
MEDIUM
Network
|
ampache
|
ampache
|
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulner…
|
CWE-352
Origin Validation Error
|
CVE-2024-51488
|
2024-11-15 05:12 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312039
|
8.1 |
HIGH
Network
|
ampache
|
ampache
|
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. …
|
CWE-352
Origin Validation Error
|
CVE-2024-51485
|
2024-11-15 05:06 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312040
|
4.3 |
MEDIUM
Network
|
futuriowp
|
futurio_extra
|
The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on wh…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-10695
|
2024-11-15 04:44 |
2024-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
