|
312331
|
6.1 |
MEDIUM
Network
|
halo
|
halo
|
Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.17.0 of the Halo project. This vulnerability allows an attacker to execute malicious …
|
CWE-79
Cross-site Scripting
|
CVE-2024-43792
|
2024-09-17 01:26 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312332
|
8.2 |
HIGH
Network
|
sap
|
bex_web_java_runtime_export_web_service
|
BEx Web Java Runtime Export Web Service does not
sufficiently validate an XML document accepted from an untrusted source. An
attacker can retrieve information from the SAP ADS system and exhaust the
…
|
CWE-91
Blind XPath Injection
|
CVE-2024-42374
|
2024-09-17 01:25 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312333
|
9.1 |
CRITICAL
Network
|
sap
|
commerce_cloud
|
Some OCC API endpoints in SAP Commerce Cloud
allows Personally Identifiable Information (PII) data, such as passwords, email
addresses, mobile numbers, coupon codes, and voucher codes, to be included…
|
NVD-CWE-noinfo
|
CVE-2024-33003
|
2024-09-17 01:22 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312334
|
7.5 |
HIGH
Network
|
github
|
actions\/artifact
actions_toolkit
|
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downl…
|
CWE-22
Path Traversal
|
CVE-2024-42471
|
2024-09-17 01:18 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312335
|
4.3 |
MEDIUM
Network
|
sap
|
business_objects_business_intelligence_platform
|
SAP BusinessObjects Business Intelligence
Platform allows an authenticated attacker to upload malicious code over the
network, that could be executed by the application. On successful
exploitat…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-28166
|
2024-09-17 01:17 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312336
|
5.3 |
MEDIUM
Network
|
mainwww
|
mwcms
|
A vulnerability was found in Fujian mwcms 1.0.0. It has been declared as critical. Affected by this vulnerability is the function uploadeditor of the file /uploadeditor.html?action=uploadimage of the…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-7705
|
2024-09-17 01:15 |
2024-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312337
|
4.4 |
MEDIUM
Local
|
dell
|
insightiq
|
Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to D…
|
NVD-CWE-noinfo
|
CVE-2024-39574
|
2024-09-17 00:59 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312338
|
9.8 |
CRITICAL
Network
|
dell
|
insightiq
|
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially expl…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2024-39581
|
2024-09-17 00:50 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312339
|
5.5 |
MEDIUM
Local
|
dell
|
precision_7920_firmware
7920_xl_firmware
|
Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially ex…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2024-42425
|
2024-09-17 00:46 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
312340
|
9.8 |
CRITICAL
Network
|
dell
|
insightiq
|
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploi…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2024-39583
|
2024-09-17 00:42 |
2024-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
