|
316131
|
5.3 |
MEDIUM
Network
|
dorsettcontrols
|
infoscan
|
Dorsett Controls InfoScan is vulnerable due to a leak of possible
sensitive information through the response headers and the rendered
JavaScript prior to user login.
|
NVD-CWE-noinfo
|
CVE-2024-42493
|
2024-08-29 23:24 |
2024-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316132
|
7.5 |
HIGH
Network
|
dorsettcontrols
|
infoscan
|
Dorsett Controls Central Server update server has potential information
leaks with an unprotected file that contains passwords and API keys.
|
NVD-CWE-noinfo
|
CVE-2024-39287
|
2024-08-29 23:23 |
2024-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316133
|
3.7 |
LOW
Network
|
dorsettcontrols
|
infoscan
|
The InfoScan client download page can be intercepted with a proxy, to
expose filenames located on the system, which could lead to additional
information exposure.
|
CWE-22
Path Traversal
|
CVE-2024-42408
|
2024-08-29 23:22 |
2024-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316134
|
9.0 |
CRITICAL
Network
|
vrcx-team
|
vrcx
|
VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to re…
|
CWE-79
Cross-site Scripting
|
CVE-2024-42366
|
2024-08-29 23:04 |
2024-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316135
|
4.8 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName(). A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVS…
|
CWE-79
Cross-site Scripting
|
CVE-2024-7394
|
2024-08-29 22:41 |
2024-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316136
|
9.8 |
CRITICAL
Network
|
havocframework
|
havoc
|
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-41570
|
2024-08-29 22:32 |
2024-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316137
|
- |
|
-
|
-
|
Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentia…
|
CWE-788
Access of Memory Location After End of Buffer
|
CVE-2024-38304
|
2024-08-29 22:25 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316138
|
- |
|
-
|
-
|
Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vu…
|
CWE-20
Improper Input Validation
|
CVE-2024-38303
|
2024-08-29 22:25 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316139
|
7.2 |
HIGH
Network
|
-
|
-
|
The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. This makes it possible for authenticat…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2022-2440
|
2024-08-29 22:25 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316140
|
- |
|
-
|
-
|
The OpenTelemetry Collector module AWS firehose receiver is for ingesting AWS Kinesis Data Firehose delivery stream messages and parsing the records received based on the configured record type. `aws…
|
-
|
CVE-2024-45043
|
2024-08-29 22:25 |
2024-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
