|
314041
|
9.8 |
CRITICAL
Network
|
soplanning
|
soplanning
|
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulne…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-27113
|
2024-09-19 03:43 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314042
|
9.8 |
CRITICAL
Network
|
soplanning
|
soplanning
|
A unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying d…
|
CWE-89
SQL Injection
|
CVE-2024-27112
|
2024-09-19 03:42 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314043
|
9.8 |
CRITICAL
Network
|
agpt
|
autogpt
|
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific com…
|
CWE-78
OS Command
|
CVE-2024-6091
|
2024-09-19 03:41 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314044
|
9.8 |
CRITICAL
Network
|
reedos
|
aim-star
|
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulner…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2024-45790
|
2024-09-19 03:38 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314045
|
7.5 |
HIGH
Network
|
pxlrbt
|
filament_excel
|
Filament Excel enables excel export for Filament admin resources. The export download route `/filament-excel/{path}` allowed downloading any file without login when the webserver allows `../` in the …
|
CWE-22
Path Traversal
|
CVE-2024-42485
|
2024-09-19 03:31 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314046
|
6.5 |
MEDIUM
Adjacent
|
zyxel
|
gs1900-48hpv2_firmware
gs1900-48_firmware
gs1900-24hpv2_firmware
gs1900-24ep_firmware
gs1900-24e_firmware
gs1900-24_firmware
gs1900-16_firmware
gs1900-10hp_firmware
gs1900-8hp…
|
An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2…
|
CWE-331
Insufficient Entropy
|
CVE-2024-38270
|
2024-09-19 03:23 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314047
|
6.5 |
MEDIUM
Network
|
reedos
|
aim-star
|
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vul…
|
NVD-CWE-Other
|
CVE-2024-45787
|
2024-09-19 03:15 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314048
|
5.3 |
MEDIUM
Network
|
bplugins
|
html5_video_player
|
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5…
|
CWE-862
Missing Authorization
|
CVE-2024-7727
|
2024-09-19 03:07 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314049
|
9.8 |
CRITICAL
Network
|
spip
|
spip
|
SPIP before 4.3.2, 4.2.16, and
4.1.18 is vulnerable to a command injection issue. A
remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipar…
|
NVD-CWE-Other
|
CVE-2024-8517
|
2024-09-19 03:05 |
2024-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314050
|
4.3 |
MEDIUM
Network
|
bplugins
|
html5_video_player
|
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in…
|
CWE-862
Missing Authorization
|
CVE-2024-7721
|
2024-09-19 03:01 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
