|
317731
|
6.5 |
MEDIUM
Network
|
eaton
|
foreseer_electrical_power_monitoring_system
|
The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the l…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2024-31416
|
2024-09-20 04:06 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317732
|
8.1 |
HIGH
Network
|
eaton
|
foreseer_electrical_power_monitoring_system
|
The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-31415
|
2024-09-20 03:50 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317733
|
6.1 |
MEDIUM
Network
|
eaton
|
foreseer_electrical_power_monitoring_system
|
The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sa…
|
CWE-79
Cross-site Scripting
|
CVE-2024-31414
|
2024-09-20 03:48 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317734
|
8.1 |
HIGH
Network
|
lunary
|
lunary
|
A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings. This vulnerability allows an attacker to sign up for and create pro…
|
CWE-352
Origin Validation Error
|
CVE-2024-6862
|
2024-09-20 03:37 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317735
|
6.5 |
MEDIUM
Network
|
lunary
|
lunary
|
An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. This endpoint does not verify that the user has the necessary access righ…
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2024-6867
|
2024-09-20 03:28 |
2024-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317736
|
9.8 |
CRITICAL
Network
|
arm
|
mbed_tls
|
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in…
|
CWE-295
Improper Certificate Validation
|
CVE-2024-45159
|
2024-09-20 03:26 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317737
|
4.8 |
MEDIUM
Network
|
peepso
|
peepso
|
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due t…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7655
|
2024-09-20 03:20 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317738
|
4.8 |
MEDIUM
Network
|
peepso
|
peepso
|
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, …
|
CWE-79
Cross-site Scripting
|
CVE-2024-7618
|
2024-09-20 03:20 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317739
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: avoid using null object of framebuffer
Instead of using state->fb->obj[0] directly, get object from framebuffer
…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-46694
|
2024-09-20 03:16 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317740
|
5.4 |
MEDIUM
Network
|
microfocus
|
netiq_access_manager
|
Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1.
|
CWE-79
Cross-site Scripting
|
CVE-2024-4554
|
2024-09-20 03:15 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
