|
311801
|
3.7 |
LOW
Network
|
fortinet
|
fortiadc
|
An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2…
|
NVD-CWE-noinfo
|
CVE-2024-36511
|
2024-09-21 04:43 |
2024-09-11 |
|
311802
|
7.1 |
HIGH
Local
|
citrix
|
workspace
|
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privilege…
|
CWE-863
Incorrect Authorization
|
CVE-2024-42423
|
2024-09-21 04:42 |
2024-09-11 |
|
311803
|
8.1 |
HIGH
Network
|
fortinet
|
forticlient
|
An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 thr…
|
CWE-295
Improper Certificate Validation
|
CVE-2024-31489
|
2024-09-21 04:41 |
2024-09-11 |
|
311804
|
9.8 |
CRITICAL
Network
|
sandhillsdev
|
easy_digital_downloads
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection. This issue affects Easy Digital Downloads: from n/a t…
|
CWE-89
SQL Injection
|
CVE-2024-5057
|
2024-09-21 04:31 |
2024-08-29 |
|
311805
|
9.8 |
CRITICAL
Network
|
microsoft
|
windows_10_1809 windows_server_2019 windows_server_2022 windows_11_21h2 windows_10_21h2 windows_11_22h2 windows_10_22h2 windows_11_23h2 windows_server_2022_23h2 windows_11_…
|
Windows TCP/IP Remote Code Execution Vulnerability
|
NVD-CWE-noinfo
|
CVE-2024-21416
|
2024-09-21 03:55 |
2024-09-11 |
|
311806
|
7.5 |
HIGH
Network
|
sitecore
|
experience_commerce experience_platform experience_manager
|
An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can r…
|
NVD-CWE-noinfo
|
CVE-2024-46938
|
2024-09-21 03:15 |
2024-09-16 |
|
311807
|
4.9 |
MEDIUM
Network
|
misp
|
misp
|
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.
|
CWE-863
Incorrect Authorization
|
CVE-2024-46918
|
2024-09-21 03:14 |
2024-09-16 |
|
311808
|
4.7 |
MEDIUM
Network
|
openjsf
|
serve-static
|
serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect(), which may execute untrusted code. This issue is patched in serve-static 1.16.0.
|
CWE-79
Cross-site Scripting
|
CVE-2024-43800
|
2024-09-21 02:36 |
2024-09-11 |
|
311809
|
4.3 |
MEDIUM
Network
|
ibm
|
concert
|
IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this li…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2024-43180
|
2024-09-21 02:28 |
2024-09-13 |
|
311810
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
libfs: fix get_stashed_dentry()
get_stashed_dentry() tries to optimistically retrieve a stashed dentry
from a provided location. …
|
NVD-CWE-noinfo
|
CVE-2024-46801
|
2024-09-21 02:18 |
2024-09-18 |