|
317651
|
9.8 |
CRITICAL
Network
|
pimax
|
play
pitool
|
Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker.
|
NVD-CWE-Other
|
CVE-2024-41889
|
2024-08-31 02:53 |
2024-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317652
|
8.0 |
HIGH
Adjacent
|
zexelon
|
zwx-2000csw2-hn_firmware
|
Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the con…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2024-41720
|
2024-08-31 02:49 |
2024-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317653
|
8.8 |
HIGH
Adjacent
|
zexelon
|
zwx-2000csw2-hn_firmware
|
ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 uses hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the devic…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-39838
|
2024-08-31 02:49 |
2024-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317654
|
9.1 |
CRITICAL
Network
|
hamastar
|
meetinghub_paperless_meetings
|
A Plaintext Storage of a Password vulnerability in ebooknote function in Hamastar MeetingHub Paperless Meetings 2021 allows remote attackers to obtain the other users’ credentials and gain access to …
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2024-6118
|
2024-08-31 02:44 |
2024-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317655
|
8.8 |
HIGH
Network
|
hamastar
|
meetinghub_paperless_meetings
|
A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary sy…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-6117
|
2024-08-31 02:41 |
2024-08-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317656
|
5.3 |
MEDIUM
Network
|
in2code
|
powermail
|
An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An un…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2024-45232
|
2024-08-31 01:34 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317657
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
CWE-843
Type Confusion
|
CVE-2024-8194
|
2024-08-31 01:34 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317658
|
9.8 |
CRITICAL
Network
|
in2code
|
powermail
|
An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, re…
|
NVD-CWE-Other
|
CVE-2024-45233
|
2024-08-31 01:33 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317659
|
5.5 |
MEDIUM
Local
|
wireshark
|
wireshark
|
NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file
|
CWE-787
Out-of-bounds Write
|
CVE-2024-8250
|
2024-08-31 01:32 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
317660
|
6.1 |
MEDIUM
Network
|
nextbricks
|
bricksore
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nextbricks Brickscore allows Stored XSS.This issue affects Brickscore: from n/a through 1.…
|
CWE-79
Cross-site Scripting
|
CVE-2024-43950
|
2024-08-31 01:20 |
2024-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
