|
313961
|
9.8 |
CRITICAL
Network
|
cisco
|
spa_301_firmware
spa_303_firmware
spa_501g_firmware
spa_502g_firmware
spa_504g_firmware
spa_508g_firmware
spa_509g_firmware
spa_512g_firmware
spa_514g_firmware
spa_525g_fir…
|
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote …
|
CWE-120
Classic Buffer Overflow
|
CVE-2024-20454
|
2024-08-24 03:13 |
2024-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313962
|
6.5 |
MEDIUM
Network
|
enphase
|
iq_gateway_firmware
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endp…
|
CWE-22
Path Traversal
|
CVE-2024-21877
|
2024-08-24 03:06 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313963
|
9.1 |
CRITICAL
Network
|
enphase
|
iq_gateway_firmware
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to a…
|
CWE-22
Path Traversal
|
CVE-2024-21876
|
2024-08-24 03:05 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313964
|
9.8 |
CRITICAL
Network
|
enphase
|
iq_gateway_firmware
|
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is pr…
|
CWE-78
OS Command
|
CVE-2024-21878
|
2024-08-24 02:52 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313965
|
8.8 |
HIGH
Network
|
enphase
|
iq_gateway_firmware
|
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) …
|
CWE-78
OS Command
|
CVE-2024-21879
|
2024-08-24 02:49 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313966
|
7.2 |
HIGH
Network
|
enphase
|
iq_gateway_firmware
|
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) a…
|
CWE-78
OS Command
|
CVE-2024-21880
|
2024-08-24 02:38 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313967
|
- |
|
-
|
-
|
A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code…
|
-
|
CVE-2024-42763
|
2024-08-24 02:35 |
2024-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313968
|
9.8 |
CRITICAL
Network
|
squirrelly
|
squirrelly
|
squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName.
|
CWE-94
Code Injection
|
CVE-2024-40453
|
2024-08-24 02:35 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313969
|
6.1 |
MEDIUM
Network
|
okfn
|
ckan
|
CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential…
|
CWE-79
Cross-site Scripting
|
CVE-2024-41675
|
2024-08-24 02:07 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313970
|
5.3 |
MEDIUM
Network
|
okfn
|
ckan
|
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL (potentially including credentials) …
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2024-41674
|
2024-08-24 02:06 |
2024-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
