|
313081
|
6.1 |
MEDIUM
Network
|
portabilis
|
i-educar
|
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was i…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45057
|
2024-09-14 05:03 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313082
|
7.5 |
HIGH
Network
|
huawei
|
harmonyos
emui
|
Vulnerability of permission verification for APIs in the DownloadProviderMain module
Impact: Successful exploitation of this vulnerability will affect availability.
|
NVD-CWE-noinfo
|
CVE-2024-45442
|
2024-09-14 05:00 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313083
|
5.4 |
MEDIUM
Network
|
squaredup
|
squaredup_ds_for_scom
|
SquaredUp DS for SCOM 6.2.1.11104 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2024-45180
|
2024-09-14 04:55 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313084
|
8.1 |
HIGH
Network
|
idec
|
windo\/i-nv4
windldr
|
Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user cre…
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2024-41716
|
2024-09-14 04:53 |
2024-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313085
|
4.3 |
MEDIUM
Network
|
audiobookshelf
|
audiobookshelf
|
audiobookshelf is a self-hosted audiobook and podcast server. A non-admin user is not allowed to create libraries (or access only the ones they have permission to). However, the `LibraryController` i…
|
CWE-22
Path Traversal
|
CVE-2024-43797
|
2024-09-14 04:49 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313086
|
9.8 |
CRITICAL
Network
|
zyxel
|
nwa110ax_firmware
nwa1123-ac_pro_firmware
nwa1123acv3_firmware
nwa130be_firmware
nwa210ax_firmware
nwa220ax-6e_firmware
nwa50ax_firmware
nwa50ax_pro_firmware
nwa55axe_firmware…
|
The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4)
and e…
|
CWE-78
OS Command
|
CVE-2024-7261
|
2024-09-14 04:39 |
2024-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313087
|
9.8 |
CRITICAL
Network
|
cisco
|
smart_license_utility
|
A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential.
This vulnerability is …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2024-20439
|
2024-09-14 04:35 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313088
|
5.3 |
MEDIUM
Network
|
funnelforms
|
funnelforms_free
|
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
|
CWE-862
Missing Authorization
|
CVE-2024-7447
|
2024-09-14 04:33 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313089
|
5.3 |
MEDIUM
Network
|
permalink_manager_lite_project
|
permalink_manager_lite
|
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in al…
|
CWE-862
Missing Authorization
|
CVE-2024-8195
|
2024-09-14 04:28 |
2024-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313090
|
5.5 |
MEDIUM
Local
|
cisco
|
duo_authentication_for_epic
|
A vulnerability in Cisco Duo Epic for Hyperdrive could allow an authenticated, local attacker to view sensitive information in cleartext on an affected system.
This vulnerability is due to imprope…
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2024-20503
|
2024-09-14 04:24 |
2024-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
