|
311181
|
7.5 |
HIGH
Network
|
dueclic
|
wp_2fa_with_telegram
|
The WP 2FA with Telegram plugin for WordPress is vulnerable to Two-Factor Authentication Bypass in versions up to, and including, 3.0. This is due to the two-factor code being stored in a cookie, whi…
|
CWE-565
Reliance on Cookies without Validation and Integrity Checking
|
CVE-2024-9820
|
2024-10-19 09:44 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311182
|
8.8 |
HIGH
Network
|
newtype
|
webeip
|
WebEIP v3.0 from
NewType does not properly validate user input, allowing remote attackers with regular privilege to inject SQL commands to read, modify, and delete data stored in database. The affe…
|
CWE-89
SQL Injection
|
CVE-2024-9968
|
2024-10-19 09:42 |
2024-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311183
|
7.2 |
HIGH
Network
|
fortinet
|
fortianalyzer
fortianalyzer_cloud
|
A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests.
|
NVD-CWE-noinfo
|
CVE-2024-45330
|
2024-10-19 09:41 |
2024-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311184
|
7.2 |
HIGH
Network
|
hashicorp
|
vault
|
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edi…
|
NVD-CWE-Other
|
CVE-2024-9180
|
2024-10-19 05:15 |
2024-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311185
|
- |
|
-
|
-
|
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-9884. Reason: This candidate is a reservation duplicate of CVE-2024-9884. Notes: All CVE users should reference CV…
|
-
|
CVE-2024-10115
|
2024-10-19 04:15 |
2024-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311186
|
7.5 |
HIGH
Network
|
oracle
|
weblogic_server
|
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerab…
|
NVD-CWE-noinfo
|
CVE-2024-21274
|
2024-10-19 04:05 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311187
|
7.5 |
HIGH
Network
|
oracle
|
weblogic_server
|
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerabili…
|
NVD-CWE-noinfo
|
CVE-2024-21260
|
2024-10-19 04:05 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311188
|
7.5 |
HIGH
Network
|
oracle
|
weblogic_server
|
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerabili…
|
NVD-CWE-noinfo
|
CVE-2024-21234
|
2024-10-19 04:05 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311189
|
7.5 |
HIGH
Network
|
oracle
|
service_bus
|
Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerabili…
|
NVD-CWE-noinfo
|
CVE-2024-21246
|
2024-10-19 04:04 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
311190
|
4.8 |
MEDIUM
Network
|
oracle
|
graalvm
graalvm_for_jdk
jre
jdk
|
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE…
|
NVD-CWE-noinfo
|
CVE-2024-21235
|
2024-10-19 03:30 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
